cobaltstrike | c6f10f217719ca2b052830a725a5981f57eb5fa34626acfeaf36ea5933360230

Analysis

max time kernel
100s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2025 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

3b05c447f43a88cc8fadd401176183f0
SHA1

0e5e2e69d96e37239ba91e32d3b086cff1b80037
SHA256

c6f10f217719ca2b052830a725a5981f57eb5fa34626acfeaf36ea5933360230
SHA512

e77e042ea2a050c79ca495fd7dfa388d2abe712f393a71ca903b0bd8bcdd010046e9fc9334627e3bf89cc50d8ceb3e8342a04ff670298c7a0040fb88927db746
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUB:j+R56utgpPF8u/7B

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023baa-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca1-12.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-23.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c9e-30.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-36.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca5-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-51.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-59.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-71.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-78.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-84.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-89.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-95.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-98.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-103.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-113.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-128.dat	cobalt_reflective_dll
behavioral2/files/0x000400000001e767-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-138.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-154.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-145.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-143.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbb-167.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbc-172.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbd-179.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-184.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbf-191.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1560-0-0x00007FF6C6FC0000-0x00007FF6C730D000-memory.dmp	xmrig
behavioral2/files/0x000c000000023baa-5.dat	xmrig
behavioral2/memory/1356-7-0x00007FF7E3D80000-0x00007FF7E40CD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca2-10.dat	xmrig
behavioral2/memory/1480-13-0x00007FF68C800000-0x00007FF68CB4D000-memory.dmp	xmrig
behavioral2/memory/380-19-0x00007FF67B070000-0x00007FF67B3BD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca1-12.dat	xmrig
behavioral2/files/0x0007000000023ca3-23.dat	xmrig
behavioral2/files/0x0008000000023c9e-30.dat	xmrig
behavioral2/memory/4884-25-0x00007FF7928F0000-0x00007FF792C3D000-memory.dmp	xmrig
behavioral2/memory/4184-31-0x00007FF6EBB50000-0x00007FF6EBE9D000-memory.dmp	xmrig
behavioral2/memory/400-37-0x00007FF7E1B00000-0x00007FF7E1E4D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca4-36.dat	xmrig
behavioral2/files/0x0007000000023ca5-41.dat	xmrig
behavioral2/memory/744-43-0x00007FF772230000-0x00007FF77257D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca6-47.dat	xmrig
behavioral2/files/0x0007000000023ca7-51.dat	xmrig
behavioral2/memory/4692-52-0x00007FF753610000-0x00007FF75395D000-memory.dmp	xmrig
behavioral2/memory/864-55-0x00007FF69A600000-0x00007FF69A94D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca8-59.dat	xmrig
behavioral2/files/0x0007000000023caa-66.dat	xmrig
behavioral2/memory/428-61-0x00007FF6F5210000-0x00007FF6F555D000-memory.dmp	xmrig
behavioral2/memory/4716-67-0x00007FF6A8230000-0x00007FF6A857D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cab-71.dat	xmrig
behavioral2/memory/2696-79-0x00007FF7E72B0000-0x00007FF7E75FD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cac-78.dat	xmrig
behavioral2/memory/208-73-0x00007FF795900000-0x00007FF795C4D000-memory.dmp	xmrig
behavioral2/memory/4032-85-0x00007FF70ED10000-0x00007FF70F05D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cad-84.dat	xmrig
behavioral2/files/0x0007000000023cae-89.dat	xmrig
behavioral2/files/0x0007000000023caf-95.dat	xmrig
behavioral2/files/0x0007000000023cb0-98.dat	xmrig
behavioral2/files/0x0007000000023cb1-103.dat	xmrig
behavioral2/files/0x0007000000023cb2-113.dat	xmrig
behavioral2/memory/912-115-0x00007FF6E3760000-0x00007FF6E3AAD000-memory.dmp	xmrig
behavioral2/memory/4416-111-0x00007FF77DE40000-0x00007FF77E18D000-memory.dmp	xmrig
behavioral2/memory/2448-106-0x00007FF7EB570000-0x00007FF7EB8BD000-memory.dmp	xmrig
behavioral2/memory/3688-100-0x00007FF7A9A40000-0x00007FF7A9D8D000-memory.dmp	xmrig
behavioral2/memory/3008-91-0x00007FF6878D0000-0x00007FF687C1D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb3-119.dat	xmrig
behavioral2/files/0x0007000000023cb5-128.dat	xmrig
behavioral2/files/0x000400000001e767-129.dat	xmrig
behavioral2/memory/1352-130-0x00007FF6B73A0000-0x00007FF6B76ED000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb6-138.dat	xmrig
behavioral2/memory/4444-146-0x00007FF7476F0000-0x00007FF747A3D000-memory.dmp	xmrig
behavioral2/memory/668-150-0x00007FF700770000-0x00007FF700ABD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb9-154.dat	xmrig
behavioral2/files/0x0007000000023cba-161.dat	xmrig
behavioral2/memory/1028-162-0x00007FF7145B0000-0x00007FF7148FD000-memory.dmp	xmrig
behavioral2/memory/2780-159-0x00007FF7835B0000-0x00007FF7838FD000-memory.dmp	xmrig
behavioral2/memory/4604-144-0x00007FF69FA80000-0x00007FF69FDCD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cb8-145.dat	xmrig
behavioral2/files/0x0007000000023cb7-143.dat	xmrig
behavioral2/memory/4872-140-0x00007FF673CF0000-0x00007FF67403D000-memory.dmp	xmrig
behavioral2/memory/2304-126-0x00007FF68F880000-0x00007FF68FBCD000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbb-167.dat	xmrig
behavioral2/memory/2108-169-0x00007FF7B5650000-0x00007FF7B599D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbc-172.dat	xmrig
behavioral2/memory/3832-175-0x00007FF60E2F0000-0x00007FF60E63D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbd-179.dat	xmrig
behavioral2/memory/4868-180-0x00007FF6CC3E0000-0x00007FF6CC72D000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cbe-184.dat	xmrig
behavioral2/files/0x0007000000023cbf-191.dat	xmrig
behavioral2/memory/1568-187-0x00007FF6C2360000-0x00007FF6C26AD000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1356	MymBtyf.exe
1480	aFGgsye.exe
380	JtFibiq.exe
4884	AToRJkF.exe
4184	wqGXdit.exe
400	tkrYpcL.exe
744	IMlOKsd.exe
4692	kEwdMih.exe
864	IWaeHGs.exe
428	WYIwfWL.exe
4716	otbhwOE.exe
208	EiFAqvR.exe
2696	KAmucpk.exe
4032	bzIvmcY.exe
3008	LDaSdRr.exe
3688	tYMdqjR.exe
2448	TJlHKeU.exe
4416	QokMILB.exe
912	XeHJDzO.exe
2304	EABImcc.exe
1352	MApByeI.exe
4872	NjlgkWe.exe
4604	WbCarYL.exe
668	rpxVjmg.exe
4444	PXXewKg.exe
2780	GslKCzq.exe
1028	DwkTxkG.exe
2108	UmsfQeA.exe
3832	iivXATb.exe
4868	ogOFijO.exe
1568	hyfnRQm.exe
2140	FeVMpSl.exe
1952	TrctBAw.exe
4984	mpoLnjW.exe
3708	kXPzeGL.exe
1904	DnWnmgN.exe
3996	AkoOqXO.exe
1712	AGMMvYj.exe
3624	qnXGsSJ.exe
1912	RVNUUoS.exe
4496	CldXhwI.exe
4484	jIjOcWt.exe
3228	XQnhVns.exe
4972	uJWhwMs.exe
4348	MOHhrhE.exe
2248	SPYPvLN.exe
1156	aTkCWkR.exe
5060	QnoDVGG.exe
2688	inEkbkV.exe
1444	vUqoLbY.exe
468	KBOoYTS.exe
2364	DeSTYlp.exe
3992	umIQlmz.exe
1060	zlsseWp.exe
4164	bRTqnQy.exe
3244	HJGCIRh.exe
312	BRkSqTx.exe
4464	fCspbFO.exe
2840	XiAuyWY.exe
348	qIPbflS.exe
3208	UkwXHKg.exe
3680	epCFtrV.exe
3384	VfWmeMo.exe
2160	xVpcNcV.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PUCpFZa.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkwXHKg.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzlavoh.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGloCxl.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqehUgP.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjzPucP.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdVsREu.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSPyWSj.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\umIQlmz.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZvqMXd.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDaSdRr.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCeUuUs.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGuoXvJ.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWWDiJf.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAmucpk.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psqvTPN.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnMajjH.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWaeHGs.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GFRqcWF.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhVGwZX.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYFaHPq.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnRwSJK.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVeSWKr.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGavERo.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYGjhng.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iyabxwX.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JXoUdIn.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QesQplC.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjciSsZ.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePRWwHU.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nEYtgGv.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFNkEvP.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTzbmwK.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwkbQpK.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXEftlM.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcgxogA.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHHangJ.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCspbFO.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WptzXmL.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMmkwPj.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twDDQOg.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogOFijO.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asKPvWB.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fezaxac.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nrRwhnW.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvAxNrW.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knJerTz.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNmeWYt.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPAguOd.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wzRqbWh.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxyJSFL.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdhGbDh.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpxVjmg.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMZqKkH.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wvdxigx.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAcQhOX.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqBzUAz.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlakUIe.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zzjKCwE.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqfBzNP.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TrctBAw.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfELzOz.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imziGzZ.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNPEERe.exe	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 1356	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1560 wrote to memory of 1356	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 1560 wrote to memory of 1480	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1560 wrote to memory of 1480	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 1560 wrote to memory of 380	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1560 wrote to memory of 380	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 1560 wrote to memory of 4884	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1560 wrote to memory of 4884	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 1560 wrote to memory of 4184	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1560 wrote to memory of 4184	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 1560 wrote to memory of 400	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1560 wrote to memory of 400	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 1560 wrote to memory of 744	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1560 wrote to memory of 744	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 1560 wrote to memory of 4692	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1560 wrote to memory of 4692	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 1560 wrote to memory of 864	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1560 wrote to memory of 864	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 1560 wrote to memory of 428	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1560 wrote to memory of 428	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 1560 wrote to memory of 4716	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1560 wrote to memory of 4716	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 1560 wrote to memory of 208	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1560 wrote to memory of 208	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 1560 wrote to memory of 2696	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1560 wrote to memory of 2696	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 1560 wrote to memory of 4032	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1560 wrote to memory of 4032	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 1560 wrote to memory of 3008	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1560 wrote to memory of 3008	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 1560 wrote to memory of 3688	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1560 wrote to memory of 3688	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 1560 wrote to memory of 2448	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1560 wrote to memory of 2448	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 1560 wrote to memory of 4416	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1560 wrote to memory of 4416	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 1560 wrote to memory of 912	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1560 wrote to memory of 912	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 1560 wrote to memory of 2304	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1560 wrote to memory of 2304	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 1560 wrote to memory of 1352	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1560 wrote to memory of 1352	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 1560 wrote to memory of 4872	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1560 wrote to memory of 4872	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 1560 wrote to memory of 668	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1560 wrote to memory of 668	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 1560 wrote to memory of 4604	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1560 wrote to memory of 4604	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 1560 wrote to memory of 4444	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1560 wrote to memory of 4444	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 1560 wrote to memory of 2780	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1560 wrote to memory of 2780	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 1560 wrote to memory of 1028	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1560 wrote to memory of 1028	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 1560 wrote to memory of 2108	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1560 wrote to memory of 2108	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 1560 wrote to memory of 3832	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1560 wrote to memory of 3832	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 1560 wrote to memory of 4868	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1560 wrote to memory of 4868	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 1560 wrote to memory of 1568	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1560 wrote to memory of 1568	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 1560 wrote to memory of 2140	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 1560 wrote to memory of 2140	1560	2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe	115

C:\Users\Admin\AppData\Local\Temp\2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_3b05c447f43a88cc8fadd401176183f0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Windows\System\MymBtyf.exe
  C:\Windows\System\MymBtyf.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\aFGgsye.exe
  C:\Windows\System\aFGgsye.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\JtFibiq.exe
  C:\Windows\System\JtFibiq.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\AToRJkF.exe
  C:\Windows\System\AToRJkF.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\wqGXdit.exe
  C:\Windows\System\wqGXdit.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\tkrYpcL.exe
  C:\Windows\System\tkrYpcL.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\IMlOKsd.exe
  C:\Windows\System\IMlOKsd.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\kEwdMih.exe
  C:\Windows\System\kEwdMih.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\IWaeHGs.exe
  C:\Windows\System\IWaeHGs.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\WYIwfWL.exe
  C:\Windows\System\WYIwfWL.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\otbhwOE.exe
  C:\Windows\System\otbhwOE.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\EiFAqvR.exe
  C:\Windows\System\EiFAqvR.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\KAmucpk.exe
  C:\Windows\System\KAmucpk.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\bzIvmcY.exe
  C:\Windows\System\bzIvmcY.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\LDaSdRr.exe
  C:\Windows\System\LDaSdRr.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\tYMdqjR.exe
  C:\Windows\System\tYMdqjR.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\TJlHKeU.exe
  C:\Windows\System\TJlHKeU.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\QokMILB.exe
  C:\Windows\System\QokMILB.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\XeHJDzO.exe
  C:\Windows\System\XeHJDzO.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\EABImcc.exe
  C:\Windows\System\EABImcc.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\MApByeI.exe
  C:\Windows\System\MApByeI.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\NjlgkWe.exe
  C:\Windows\System\NjlgkWe.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\rpxVjmg.exe
  C:\Windows\System\rpxVjmg.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\WbCarYL.exe
  C:\Windows\System\WbCarYL.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\PXXewKg.exe
  C:\Windows\System\PXXewKg.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\GslKCzq.exe
  C:\Windows\System\GslKCzq.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\DwkTxkG.exe
  C:\Windows\System\DwkTxkG.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\UmsfQeA.exe
  C:\Windows\System\UmsfQeA.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\iivXATb.exe
  C:\Windows\System\iivXATb.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\ogOFijO.exe
  C:\Windows\System\ogOFijO.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\hyfnRQm.exe
  C:\Windows\System\hyfnRQm.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\FeVMpSl.exe
  C:\Windows\System\FeVMpSl.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\TrctBAw.exe
  C:\Windows\System\TrctBAw.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\mpoLnjW.exe
  C:\Windows\System\mpoLnjW.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\kXPzeGL.exe
  C:\Windows\System\kXPzeGL.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\DnWnmgN.exe
  C:\Windows\System\DnWnmgN.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\AkoOqXO.exe
  C:\Windows\System\AkoOqXO.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\AGMMvYj.exe
  C:\Windows\System\AGMMvYj.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\qnXGsSJ.exe
  C:\Windows\System\qnXGsSJ.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\RVNUUoS.exe
  C:\Windows\System\RVNUUoS.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\CldXhwI.exe
  C:\Windows\System\CldXhwI.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\jIjOcWt.exe
  C:\Windows\System\jIjOcWt.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\XQnhVns.exe
  C:\Windows\System\XQnhVns.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\uJWhwMs.exe
  C:\Windows\System\uJWhwMs.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\MOHhrhE.exe
  C:\Windows\System\MOHhrhE.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\SPYPvLN.exe
  C:\Windows\System\SPYPvLN.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\aTkCWkR.exe
  C:\Windows\System\aTkCWkR.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\QnoDVGG.exe
  C:\Windows\System\QnoDVGG.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\inEkbkV.exe
  C:\Windows\System\inEkbkV.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\vUqoLbY.exe
  C:\Windows\System\vUqoLbY.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\KBOoYTS.exe
  C:\Windows\System\KBOoYTS.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\DeSTYlp.exe
  C:\Windows\System\DeSTYlp.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\umIQlmz.exe
  C:\Windows\System\umIQlmz.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\zlsseWp.exe
  C:\Windows\System\zlsseWp.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\bRTqnQy.exe
  C:\Windows\System\bRTqnQy.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\HJGCIRh.exe
  C:\Windows\System\HJGCIRh.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\BRkSqTx.exe
  C:\Windows\System\BRkSqTx.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\fCspbFO.exe
  C:\Windows\System\fCspbFO.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\XiAuyWY.exe
  C:\Windows\System\XiAuyWY.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\qIPbflS.exe
  C:\Windows\System\qIPbflS.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\UkwXHKg.exe
  C:\Windows\System\UkwXHKg.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\epCFtrV.exe
  C:\Windows\System\epCFtrV.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\VfWmeMo.exe
  C:\Windows\System\VfWmeMo.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\xVpcNcV.exe
  C:\Windows\System\xVpcNcV.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\iKGfPMd.exe
  C:\Windows\System\iKGfPMd.exe
  2⤵
  PID:2740
- C:\Windows\System\qWrmjXs.exe
  C:\Windows\System\qWrmjXs.exe
  2⤵
  PID:2964
- C:\Windows\System\rfikvyx.exe
  C:\Windows\System\rfikvyx.exe
  2⤵
  PID:800
- C:\Windows\System\GFRqcWF.exe
  C:\Windows\System\GFRqcWF.exe
  2⤵
  PID:2080
- C:\Windows\System\psqvTPN.exe
  C:\Windows\System\psqvTPN.exe
  2⤵
  PID:1956
- C:\Windows\System\TnRwSJK.exe
  C:\Windows\System\TnRwSJK.exe
  2⤵
  PID:1692
- C:\Windows\System\DBYnVgJ.exe
  C:\Windows\System\DBYnVgJ.exe
  2⤵
  PID:3180
- C:\Windows\System\ICktRjR.exe
  C:\Windows\System\ICktRjR.exe
  2⤵
  PID:4536
- C:\Windows\System\hrFCRYD.exe
  C:\Windows\System\hrFCRYD.exe
  2⤵
  PID:4196
- C:\Windows\System\luHSrzs.exe
  C:\Windows\System\luHSrzs.exe
  2⤵
  PID:1420
- C:\Windows\System\ffKnCGf.exe
  C:\Windows\System\ffKnCGf.exe
  2⤵
  PID:3472
- C:\Windows\System\bxernFZ.exe
  C:\Windows\System\bxernFZ.exe
  2⤵
  PID:2012
- C:\Windows\System\PlYovgF.exe
  C:\Windows\System\PlYovgF.exe
  2⤵
  PID:4380
- C:\Windows\System\bqlhudD.exe
  C:\Windows\System\bqlhudD.exe
  2⤵
  PID:3112
- C:\Windows\System\QDTkOXe.exe
  C:\Windows\System\QDTkOXe.exe
  2⤵
  PID:3068
- C:\Windows\System\dUpiGpg.exe
  C:\Windows\System\dUpiGpg.exe
  2⤵
  PID:2268
- C:\Windows\System\WptzXmL.exe
  C:\Windows\System\WptzXmL.exe
  2⤵
  PID:4480
- C:\Windows\System\pDDSytJ.exe
  C:\Windows\System\pDDSytJ.exe
  2⤵
  PID:4024
- C:\Windows\System\RMXFQCt.exe
  C:\Windows\System\RMXFQCt.exe
  2⤵
  PID:3376
- C:\Windows\System\xMgZxyM.exe
  C:\Windows\System\xMgZxyM.exe
  2⤵
  PID:3052
- C:\Windows\System\mTFceHN.exe
  C:\Windows\System\mTFceHN.exe
  2⤵
  PID:2520
- C:\Windows\System\UpwXTta.exe
  C:\Windows\System\UpwXTta.exe
  2⤵
  PID:2828
- C:\Windows\System\hSyyVNl.exe
  C:\Windows\System\hSyyVNl.exe
  2⤵
  PID:3664
- C:\Windows\System\JPvqCmd.exe
  C:\Windows\System\JPvqCmd.exe
  2⤵
  PID:4840
- C:\Windows\System\uNghtsN.exe
  C:\Windows\System\uNghtsN.exe
  2⤵
  PID:4812
- C:\Windows\System\oBuaBCG.exe
  C:\Windows\System\oBuaBCG.exe
  2⤵
  PID:3864
- C:\Windows\System\laumWZQ.exe
  C:\Windows\System\laumWZQ.exe
  2⤵
  PID:220
- C:\Windows\System\qJHZQjC.exe
  C:\Windows\System\qJHZQjC.exe
  2⤵
  PID:752
- C:\Windows\System\RtCmtXF.exe
  C:\Windows\System\RtCmtXF.exe
  2⤵
  PID:3988
- C:\Windows\System\TIcWQPM.exe
  C:\Windows\System\TIcWQPM.exe
  2⤵
  PID:4368
- C:\Windows\System\cydLHhC.exe
  C:\Windows\System\cydLHhC.exe
  2⤵
  PID:644
- C:\Windows\System\CIxRuck.exe
  C:\Windows\System\CIxRuck.exe
  2⤵
  PID:4968
- C:\Windows\System\RILVtgy.exe
  C:\Windows\System\RILVtgy.exe
  2⤵
  PID:244
- C:\Windows\System\nkrslUW.exe
  C:\Windows\System\nkrslUW.exe
  2⤵
  PID:1540
- C:\Windows\System\IAcQhOX.exe
  C:\Windows\System\IAcQhOX.exe
  2⤵
  PID:4996
- C:\Windows\System\quumXwq.exe
  C:\Windows\System\quumXwq.exe
  2⤵
  PID:2060
- C:\Windows\System\JTbDtJJ.exe
  C:\Windows\System\JTbDtJJ.exe
  2⤵
  PID:4008
- C:\Windows\System\eaaCKgK.exe
  C:\Windows\System\eaaCKgK.exe
  2⤵
  PID:3084
- C:\Windows\System\sgQojaL.exe
  C:\Windows\System\sgQojaL.exe
  2⤵
  PID:2988
- C:\Windows\System\rqBzUAz.exe
  C:\Windows\System\rqBzUAz.exe
  2⤵
  PID:4992
- C:\Windows\System\KGxbLvy.exe
  C:\Windows\System\KGxbLvy.exe
  2⤵
  PID:4520
- C:\Windows\System\WbguYRC.exe
  C:\Windows\System\WbguYRC.exe
  2⤵
  PID:1456
- C:\Windows\System\TPxkDEv.exe
  C:\Windows\System\TPxkDEv.exe
  2⤵
  PID:4396
- C:\Windows\System\nrRwhnW.exe
  C:\Windows\System\nrRwhnW.exe
  2⤵
  PID:3064
- C:\Windows\System\PeyzVku.exe
  C:\Windows\System\PeyzVku.exe
  2⤵
  PID:988
- C:\Windows\System\JxyJSFL.exe
  C:\Windows\System\JxyJSFL.exe
  2⤵
  PID:2748
- C:\Windows\System\gJYWBJo.exe
  C:\Windows\System\gJYWBJo.exe
  2⤵
  PID:3704
- C:\Windows\System\YgTuCeg.exe
  C:\Windows\System\YgTuCeg.exe
  2⤵
  PID:5140
- C:\Windows\System\mYYVlXs.exe
  C:\Windows\System\mYYVlXs.exe
  2⤵
  PID:5172
- C:\Windows\System\WaxmQEt.exe
  C:\Windows\System\WaxmQEt.exe
  2⤵
  PID:5204
- C:\Windows\System\qWfUzCO.exe
  C:\Windows\System\qWfUzCO.exe
  2⤵
  PID:5244
- C:\Windows\System\lepuZpt.exe
  C:\Windows\System\lepuZpt.exe
  2⤵
  PID:5268
- C:\Windows\System\HyLVWIs.exe
  C:\Windows\System\HyLVWIs.exe
  2⤵
  PID:5308
- C:\Windows\System\bJGcLPh.exe
  C:\Windows\System\bJGcLPh.exe
  2⤵
  PID:5340
- C:\Windows\System\pzqvxwG.exe
  C:\Windows\System\pzqvxwG.exe
  2⤵
  PID:5376
- C:\Windows\System\PXnWOmo.exe
  C:\Windows\System\PXnWOmo.exe
  2⤵
  PID:5400
- C:\Windows\System\vaqVPBE.exe
  C:\Windows\System\vaqVPBE.exe
  2⤵
  PID:5432
- C:\Windows\System\BwYhLBW.exe
  C:\Windows\System\BwYhLBW.exe
  2⤵
  PID:5468
- C:\Windows\System\hwkbQpK.exe
  C:\Windows\System\hwkbQpK.exe
  2⤵
  PID:5508
- C:\Windows\System\ebXVGTC.exe
  C:\Windows\System\ebXVGTC.exe
  2⤵
  PID:5540
- C:\Windows\System\BWLFzGY.exe
  C:\Windows\System\BWLFzGY.exe
  2⤵
  PID:5564
- C:\Windows\System\nQRXfAN.exe
  C:\Windows\System\nQRXfAN.exe
  2⤵
  PID:5596
- C:\Windows\System\gkXQKbU.exe
  C:\Windows\System\gkXQKbU.exe
  2⤵
  PID:5628
- C:\Windows\System\ePRWwHU.exe
  C:\Windows\System\ePRWwHU.exe
  2⤵
  PID:5668
- C:\Windows\System\VlwwVaf.exe
  C:\Windows\System\VlwwVaf.exe
  2⤵
  PID:5700
- C:\Windows\System\RoeqVco.exe
  C:\Windows\System\RoeqVco.exe
  2⤵
  PID:5732
- C:\Windows\System\RGfoVJq.exe
  C:\Windows\System\RGfoVJq.exe
  2⤵
  PID:5764
- C:\Windows\System\CBgPLcz.exe
  C:\Windows\System\CBgPLcz.exe
  2⤵
  PID:5796
- C:\Windows\System\tXDNEiw.exe
  C:\Windows\System\tXDNEiw.exe
  2⤵
  PID:5828
- C:\Windows\System\CYqxzbC.exe
  C:\Windows\System\CYqxzbC.exe
  2⤵
  PID:5852
- C:\Windows\System\pxTQAgl.exe
  C:\Windows\System\pxTQAgl.exe
  2⤵
  PID:5884
- C:\Windows\System\xRwXvSs.exe
  C:\Windows\System\xRwXvSs.exe
  2⤵
  PID:5920
- C:\Windows\System\EgCODsq.exe
  C:\Windows\System\EgCODsq.exe
  2⤵
  PID:5948
- C:\Windows\System\gxrOgAZ.exe
  C:\Windows\System\gxrOgAZ.exe
  2⤵
  PID:5992
- C:\Windows\System\OWKrlVW.exe
  C:\Windows\System\OWKrlVW.exe
  2⤵
  PID:6016
- C:\Windows\System\zHHangJ.exe
  C:\Windows\System\zHHangJ.exe
  2⤵
  PID:6048
- C:\Windows\System\kQXBcLo.exe
  C:\Windows\System\kQXBcLo.exe
  2⤵
  PID:6080
- C:\Windows\System\ZAIcxPr.exe
  C:\Windows\System\ZAIcxPr.exe
  2⤵
  PID:6120
- C:\Windows\System\PXyeWrl.exe
  C:\Windows\System\PXyeWrl.exe
  2⤵
  PID:5128
- C:\Windows\System\cGSiQTi.exe
  C:\Windows\System\cGSiQTi.exe
  2⤵
  PID:5184
- C:\Windows\System\TnMajjH.exe
  C:\Windows\System\TnMajjH.exe
  2⤵
  PID:5260
- C:\Windows\System\SwWjpab.exe
  C:\Windows\System\SwWjpab.exe
  2⤵
  PID:5316
- C:\Windows\System\WLccOIa.exe
  C:\Windows\System\WLccOIa.exe
  2⤵
  PID:5384
- C:\Windows\System\seDKgRt.exe
  C:\Windows\System\seDKgRt.exe
  2⤵
  PID:5444
- C:\Windows\System\HgWacqw.exe
  C:\Windows\System\HgWacqw.exe
  2⤵
  PID:5492
- C:\Windows\System\BmWZxRD.exe
  C:\Windows\System\BmWZxRD.exe
  2⤵
  PID:5324
- C:\Windows\System\ZzSafRk.exe
  C:\Windows\System\ZzSafRk.exe
  2⤵
  PID:5576
- C:\Windows\System\LRwBzWZ.exe
  C:\Windows\System\LRwBzWZ.exe
  2⤵
  PID:5640
- C:\Windows\System\ruHllvz.exe
  C:\Windows\System\ruHllvz.exe
  2⤵
  PID:5708
- C:\Windows\System\enUcpEh.exe
  C:\Windows\System\enUcpEh.exe
  2⤵
  PID:5772
- C:\Windows\System\vRIrAKh.exe
  C:\Windows\System\vRIrAKh.exe
  2⤵
  PID:5816
- C:\Windows\System\kokvnxw.exe
  C:\Windows\System\kokvnxw.exe
  2⤵
  PID:5872
- C:\Windows\System\oierAGF.exe
  C:\Windows\System\oierAGF.exe
  2⤵
  PID:5940
- C:\Windows\System\bDVDutJ.exe
  C:\Windows\System\bDVDutJ.exe
  2⤵
  PID:6028
- C:\Windows\System\RyZzBfT.exe
  C:\Windows\System\RyZzBfT.exe
  2⤵
  PID:6076
- C:\Windows\System\yGftWFX.exe
  C:\Windows\System\yGftWFX.exe
  2⤵
  PID:6140
- C:\Windows\System\lAtANOh.exe
  C:\Windows\System\lAtANOh.exe
  2⤵
  PID:5280
- C:\Windows\System\odFMpvo.exe
  C:\Windows\System\odFMpvo.exe
  2⤵
  PID:5396
- C:\Windows\System\jxmQOga.exe
  C:\Windows\System\jxmQOga.exe
  2⤵
  PID:5496
- C:\Windows\System\GUdMQWU.exe
  C:\Windows\System\GUdMQWU.exe
  2⤵
  PID:5560
- C:\Windows\System\lLWOKTD.exe
  C:\Windows\System\lLWOKTD.exe
  2⤵
  PID:5740
- C:\Windows\System\DlakUIe.exe
  C:\Windows\System\DlakUIe.exe
  2⤵
  PID:5868
- C:\Windows\System\NvAxNrW.exe
  C:\Windows\System\NvAxNrW.exe
  2⤵
  PID:5960
- C:\Windows\System\lLqRmfn.exe
  C:\Windows\System\lLqRmfn.exe
  2⤵
  PID:6060
- C:\Windows\System\baostfs.exe
  C:\Windows\System\baostfs.exe
  2⤵
  PID:5292
- C:\Windows\System\sbuXujd.exe
  C:\Windows\System\sbuXujd.exe
  2⤵
  PID:5476
- C:\Windows\System\NrPgfkU.exe
  C:\Windows\System\NrPgfkU.exe
  2⤵
  PID:5620
- C:\Windows\System\TFzjtSk.exe
  C:\Windows\System\TFzjtSk.exe
  2⤵
  PID:5848
- C:\Windows\System\RnVOkqq.exe
  C:\Windows\System\RnVOkqq.exe
  2⤵
  PID:6128
- C:\Windows\System\mrKUFzR.exe
  C:\Windows\System\mrKUFzR.exe
  2⤵
  PID:4552
- C:\Windows\System\gGbibEU.exe
  C:\Windows\System\gGbibEU.exe
  2⤵
  PID:6040
- C:\Windows\System\PSmzZhN.exe
  C:\Windows\System\PSmzZhN.exe
  2⤵
  PID:5784
- C:\Windows\System\DIGrvGA.exe
  C:\Windows\System\DIGrvGA.exe
  2⤵
  PID:5980
- C:\Windows\System\ZtFJGJc.exe
  C:\Windows\System\ZtFJGJc.exe
  2⤵
  PID:6184
- C:\Windows\System\asPmpbA.exe
  C:\Windows\System\asPmpbA.exe
  2⤵
  PID:6220
- C:\Windows\System\BGWNSXq.exe
  C:\Windows\System\BGWNSXq.exe
  2⤵
  PID:6248
- C:\Windows\System\dfmQEFK.exe
  C:\Windows\System\dfmQEFK.exe
  2⤵
  PID:6296
- C:\Windows\System\NYYNLWm.exe
  C:\Windows\System\NYYNLWm.exe
  2⤵
  PID:6312
- C:\Windows\System\vjzPucP.exe
  C:\Windows\System\vjzPucP.exe
  2⤵
  PID:6352
- C:\Windows\System\fLZYmWu.exe
  C:\Windows\System\fLZYmWu.exe
  2⤵
  PID:6376
- C:\Windows\System\jnWMDlo.exe
  C:\Windows\System\jnWMDlo.exe
  2⤵
  PID:6408
- C:\Windows\System\qvUwcBs.exe
  C:\Windows\System\qvUwcBs.exe
  2⤵
  PID:6452
- C:\Windows\System\jXVlHHm.exe
  C:\Windows\System\jXVlHHm.exe
  2⤵
  PID:6508
- C:\Windows\System\UBaXdSb.exe
  C:\Windows\System\UBaXdSb.exe
  2⤵
  PID:6544
- C:\Windows\System\BOjqBVK.exe
  C:\Windows\System\BOjqBVK.exe
  2⤵
  PID:6572
- C:\Windows\System\mXMQBiR.exe
  C:\Windows\System\mXMQBiR.exe
  2⤵
  PID:6612
- C:\Windows\System\tFzGGXV.exe
  C:\Windows\System\tFzGGXV.exe
  2⤵
  PID:6652
- C:\Windows\System\yGwqAqd.exe
  C:\Windows\System\yGwqAqd.exe
  2⤵
  PID:6708
- C:\Windows\System\qeBGOiy.exe
  C:\Windows\System\qeBGOiy.exe
  2⤵
  PID:6768
- C:\Windows\System\YkFVHPI.exe
  C:\Windows\System\YkFVHPI.exe
  2⤵
  PID:6812
- C:\Windows\System\fmtfQTi.exe
  C:\Windows\System\fmtfQTi.exe
  2⤵
  PID:6844
- C:\Windows\System\XpKPOoJ.exe
  C:\Windows\System\XpKPOoJ.exe
  2⤵
  PID:6888
- C:\Windows\System\tDAphpq.exe
  C:\Windows\System\tDAphpq.exe
  2⤵
  PID:6920
- C:\Windows\System\nRORDqO.exe
  C:\Windows\System\nRORDqO.exe
  2⤵
  PID:6972
- C:\Windows\System\UwAqyWC.exe
  C:\Windows\System\UwAqyWC.exe
  2⤵
  PID:7004
- C:\Windows\System\IZSgTJx.exe
  C:\Windows\System\IZSgTJx.exe
  2⤵
  PID:7036
- C:\Windows\System\YPKvYRe.exe
  C:\Windows\System\YPKvYRe.exe
  2⤵
  PID:7068
- C:\Windows\System\miLcyjj.exe
  C:\Windows\System\miLcyjj.exe
  2⤵
  PID:7104
- C:\Windows\System\FLDdGHP.exe
  C:\Windows\System\FLDdGHP.exe
  2⤵
  PID:7136
- C:\Windows\System\CIBJugD.exe
  C:\Windows\System\CIBJugD.exe
  2⤵
  PID:6148
- C:\Windows\System\sUOfihZ.exe
  C:\Windows\System\sUOfihZ.exe
  2⤵
  PID:6200
- C:\Windows\System\QZpWYGL.exe
  C:\Windows\System\QZpWYGL.exe
  2⤵
  PID:6264
- C:\Windows\System\sGhpCsd.exe
  C:\Windows\System\sGhpCsd.exe
  2⤵
  PID:6324
- C:\Windows\System\DYcQULq.exe
  C:\Windows\System\DYcQULq.exe
  2⤵
  PID:2852
- C:\Windows\System\tlpquZX.exe
  C:\Windows\System\tlpquZX.exe
  2⤵
  PID:6448
- C:\Windows\System\XKDCzek.exe
  C:\Windows\System\XKDCzek.exe
  2⤵
  PID:6476
- C:\Windows\System\sDlBqdR.exe
  C:\Windows\System\sDlBqdR.exe
  2⤵
  PID:6588
- C:\Windows\System\hEnfyNK.exe
  C:\Windows\System\hEnfyNK.exe
  2⤵
  PID:6700
- C:\Windows\System\UpEynVa.exe
  C:\Windows\System\UpEynVa.exe
  2⤵
  PID:6820
- C:\Windows\System\DaPwHjE.exe
  C:\Windows\System\DaPwHjE.exe
  2⤵
  PID:448
- C:\Windows\System\jXxaYCz.exe
  C:\Windows\System\jXxaYCz.exe
  2⤵
  PID:6904
- C:\Windows\System\QziySWI.exe
  C:\Windows\System\QziySWI.exe
  2⤵
  PID:6948
- C:\Windows\System\aOdoFbJ.exe
  C:\Windows\System\aOdoFbJ.exe
  2⤵
  PID:7032
- C:\Windows\System\TbXTXtO.exe
  C:\Windows\System\TbXTXtO.exe
  2⤵
  PID:2680
- C:\Windows\System\tFrrZBY.exe
  C:\Windows\System\tFrrZBY.exe
  2⤵
  PID:6168
- C:\Windows\System\VhxNCpb.exe
  C:\Windows\System\VhxNCpb.exe
  2⤵
  PID:6260
- C:\Windows\System\SgauhJx.exe
  C:\Windows\System\SgauhJx.exe
  2⤵
  PID:6340
- C:\Windows\System\dhlUIjU.exe
  C:\Windows\System\dhlUIjU.exe
  2⤵
  PID:6504
- C:\Windows\System\nYgjzCY.exe
  C:\Windows\System\nYgjzCY.exe
  2⤵
  PID:6736
- C:\Windows\System\qqhCXlU.exe
  C:\Windows\System\qqhCXlU.exe
  2⤵
  PID:6872
- C:\Windows\System\zMdUsoA.exe
  C:\Windows\System\zMdUsoA.exe
  2⤵
  PID:6988
- C:\Windows\System\YHlVrCs.exe
  C:\Windows\System\YHlVrCs.exe
  2⤵
  PID:7116
- C:\Windows\System\zEZVAaD.exe
  C:\Windows\System\zEZVAaD.exe
  2⤵
  PID:6228
- C:\Windows\System\cpLYZEn.exe
  C:\Windows\System\cpLYZEn.exe
  2⤵
  PID:6568
- C:\Windows\System\dQKjljM.exe
  C:\Windows\System\dQKjljM.exe
  2⤵
  PID:6932
- C:\Windows\System\IXtzeiW.exe
  C:\Windows\System\IXtzeiW.exe
  2⤵
  PID:7084
- C:\Windows\System\vCaTLmV.exe
  C:\Windows\System\vCaTLmV.exe
  2⤵
  PID:3648
- C:\Windows\System\PerYBRR.exe
  C:\Windows\System\PerYBRR.exe
  2⤵
  PID:6728
- C:\Windows\System\PVlUmQa.exe
  C:\Windows\System\PVlUmQa.exe
  2⤵
  PID:7172
- C:\Windows\System\yzdCVIn.exe
  C:\Windows\System\yzdCVIn.exe
  2⤵
  PID:7208
- C:\Windows\System\sAeLxwh.exe
  C:\Windows\System\sAeLxwh.exe
  2⤵
  PID:7240
- C:\Windows\System\ABTvkfE.exe
  C:\Windows\System\ABTvkfE.exe
  2⤵
  PID:7272
- C:\Windows\System\HigElrF.exe
  C:\Windows\System\HigElrF.exe
  2⤵
  PID:7304
- C:\Windows\System\UslqwTb.exe
  C:\Windows\System\UslqwTb.exe
  2⤵
  PID:7324
- C:\Windows\System\OmoWhnB.exe
  C:\Windows\System\OmoWhnB.exe
  2⤵
  PID:7364
- C:\Windows\System\OpzyJCx.exe
  C:\Windows\System\OpzyJCx.exe
  2⤵
  PID:7400
- C:\Windows\System\KbHAErY.exe
  C:\Windows\System\KbHAErY.exe
  2⤵
  PID:7432
- C:\Windows\System\rxyPihv.exe
  C:\Windows\System\rxyPihv.exe
  2⤵
  PID:7480
- C:\Windows\System\pzlavoh.exe
  C:\Windows\System\pzlavoh.exe
  2⤵
  PID:7496
- C:\Windows\System\biOMuWs.exe
  C:\Windows\System\biOMuWs.exe
  2⤵
  PID:7528
- C:\Windows\System\FRiNguo.exe
  C:\Windows\System\FRiNguo.exe
  2⤵
  PID:7548
- C:\Windows\System\AqTtPOA.exe
  C:\Windows\System\AqTtPOA.exe
  2⤵
  PID:7576
- C:\Windows\System\EDXAfKc.exe
  C:\Windows\System\EDXAfKc.exe
  2⤵
  PID:7612
- C:\Windows\System\zkEMHlm.exe
  C:\Windows\System\zkEMHlm.exe
  2⤵
  PID:7640
- C:\Windows\System\ITVEPpx.exe
  C:\Windows\System\ITVEPpx.exe
  2⤵
  PID:7688
- C:\Windows\System\DPRxDER.exe
  C:\Windows\System\DPRxDER.exe
  2⤵
  PID:7720
- C:\Windows\System\QgbtcgR.exe
  C:\Windows\System\QgbtcgR.exe
  2⤵
  PID:7756
- C:\Windows\System\XyItsqt.exe
  C:\Windows\System\XyItsqt.exe
  2⤵
  PID:7788
- C:\Windows\System\hKkEMWO.exe
  C:\Windows\System\hKkEMWO.exe
  2⤵
  PID:7824
- C:\Windows\System\rRYNTJu.exe
  C:\Windows\System\rRYNTJu.exe
  2⤵
  PID:7856
- C:\Windows\System\sCVFCdz.exe
  C:\Windows\System\sCVFCdz.exe
  2⤵
  PID:7888
- C:\Windows\System\arlpeYN.exe
  C:\Windows\System\arlpeYN.exe
  2⤵
  PID:7920
- C:\Windows\System\tPFAnTO.exe
  C:\Windows\System\tPFAnTO.exe
  2⤵
  PID:7952
- C:\Windows\System\iURlIaG.exe
  C:\Windows\System\iURlIaG.exe
  2⤵
  PID:7984
- C:\Windows\System\wXEftlM.exe
  C:\Windows\System\wXEftlM.exe
  2⤵
  PID:8016
- C:\Windows\System\WAvJgxY.exe
  C:\Windows\System\WAvJgxY.exe
  2⤵
  PID:8048
- C:\Windows\System\xFqIZEC.exe
  C:\Windows\System\xFqIZEC.exe
  2⤵
  PID:8080
- C:\Windows\System\CkYqGTC.exe
  C:\Windows\System\CkYqGTC.exe
  2⤵
  PID:8100
- C:\Windows\System\hSDnAxE.exe
  C:\Windows\System\hSDnAxE.exe
  2⤵
  PID:8144
- C:\Windows\System\gSHSNTd.exe
  C:\Windows\System\gSHSNTd.exe
  2⤵
  PID:8176
- C:\Windows\System\iGtPVqX.exe
  C:\Windows\System\iGtPVqX.exe
  2⤵
  PID:7204
- C:\Windows\System\oLIRPiZ.exe
  C:\Windows\System\oLIRPiZ.exe
  2⤵
  PID:7232
- C:\Windows\System\zVJZQEq.exe
  C:\Windows\System\zVJZQEq.exe
  2⤵
  PID:7332
- C:\Windows\System\tQPEieA.exe
  C:\Windows\System\tQPEieA.exe
  2⤵
  PID:7392
- C:\Windows\System\kBiAatV.exe
  C:\Windows\System\kBiAatV.exe
  2⤵
  PID:7444
- C:\Windows\System\FKeoyWY.exe
  C:\Windows\System\FKeoyWY.exe
  2⤵
  PID:6180
- C:\Windows\System\icdnKtS.exe
  C:\Windows\System\icdnKtS.exe
  2⤵
  PID:7512
- C:\Windows\System\yECwxbB.exe
  C:\Windows\System\yECwxbB.exe
  2⤵
  PID:7560
- C:\Windows\System\BeWOlcv.exe
  C:\Windows\System\BeWOlcv.exe
  2⤵
  PID:7664
- C:\Windows\System\joXmtFs.exe
  C:\Windows\System\joXmtFs.exe
  2⤵
  PID:7772
- C:\Windows\System\FNzMMtT.exe
  C:\Windows\System\FNzMMtT.exe
  2⤵
  PID:7836
- C:\Windows\System\rErwRuo.exe
  C:\Windows\System\rErwRuo.exe
  2⤵
  PID:7912
- C:\Windows\System\dMmkwPj.exe
  C:\Windows\System\dMmkwPj.exe
  2⤵
  PID:7968
- C:\Windows\System\zGtyxZu.exe
  C:\Windows\System\zGtyxZu.exe
  2⤵
  PID:8072
- C:\Windows\System\iyabxwX.exe
  C:\Windows\System\iyabxwX.exe
  2⤵
  PID:8108
- C:\Windows\System\Wvdxigx.exe
  C:\Windows\System\Wvdxigx.exe
  2⤵
  PID:8188
- C:\Windows\System\SSlYBUQ.exe
  C:\Windows\System\SSlYBUQ.exe
  2⤵
  PID:7256
- C:\Windows\System\wkaVjCr.exe
  C:\Windows\System\wkaVjCr.exe
  2⤵
  PID:7356
- C:\Windows\System\uJbYbMv.exe
  C:\Windows\System\uJbYbMv.exe
  2⤵
  PID:6956
- C:\Windows\System\LyszMlj.exe
  C:\Windows\System\LyszMlj.exe
  2⤵
  PID:7536
- C:\Windows\System\PfELzOz.exe
  C:\Windows\System\PfELzOz.exe
  2⤵
  PID:7740
- C:\Windows\System\MSPyWSj.exe
  C:\Windows\System\MSPyWSj.exe
  2⤵
  PID:7868
- C:\Windows\System\OipXBqe.exe
  C:\Windows\System\OipXBqe.exe
  2⤵
  PID:7744
- C:\Windows\System\BnvqCRz.exe
  C:\Windows\System\BnvqCRz.exe
  2⤵
  PID:8096
- C:\Windows\System\KaMAzUI.exe
  C:\Windows\System\KaMAzUI.exe
  2⤵
  PID:7224
- C:\Windows\System\gqNcOxE.exe
  C:\Windows\System\gqNcOxE.exe
  2⤵
  PID:7460
- C:\Windows\System\hQUpgDP.exe
  C:\Windows\System\hQUpgDP.exe
  2⤵
  PID:7704
- C:\Windows\System\AynHRXa.exe
  C:\Windows\System\AynHRXa.exe
  2⤵
  PID:7932
- C:\Windows\System\xKGPZns.exe
  C:\Windows\System\xKGPZns.exe
  2⤵
  PID:1252
- C:\Windows\System\UAbJYNf.exe
  C:\Windows\System\UAbJYNf.exe
  2⤵
  PID:7776
- C:\Windows\System\mkfMhdN.exe
  C:\Windows\System\mkfMhdN.exe
  2⤵
  PID:7424
- C:\Windows\System\YeRitfH.exe
  C:\Windows\System\YeRitfH.exe
  2⤵
  PID:7556
- C:\Windows\System\PDVFKvW.exe
  C:\Windows\System\PDVFKvW.exe
  2⤵
  PID:8216
- C:\Windows\System\kmccmIg.exe
  C:\Windows\System\kmccmIg.exe
  2⤵
  PID:8244
- C:\Windows\System\ueyEAmL.exe
  C:\Windows\System\ueyEAmL.exe
  2⤵
  PID:8284
- C:\Windows\System\SpxuPlI.exe
  C:\Windows\System\SpxuPlI.exe
  2⤵
  PID:8312
- C:\Windows\System\htQYEnq.exe
  C:\Windows\System\htQYEnq.exe
  2⤵
  PID:8340
- C:\Windows\System\wMzwOsb.exe
  C:\Windows\System\wMzwOsb.exe
  2⤵
  PID:8408
- C:\Windows\System\RSwLevO.exe
  C:\Windows\System\RSwLevO.exe
  2⤵
  PID:8436
- C:\Windows\System\YRbPfkP.exe
  C:\Windows\System\YRbPfkP.exe
  2⤵
  PID:8452
- C:\Windows\System\vFuOxZt.exe
  C:\Windows\System\vFuOxZt.exe
  2⤵
  PID:8492
- C:\Windows\System\tHXTsIQ.exe
  C:\Windows\System\tHXTsIQ.exe
  2⤵
  PID:8536
- C:\Windows\System\cTjkDDM.exe
  C:\Windows\System\cTjkDDM.exe
  2⤵
  PID:8576
- C:\Windows\System\WwRbadK.exe
  C:\Windows\System\WwRbadK.exe
  2⤵
  PID:8620
- C:\Windows\System\WZfrCFE.exe
  C:\Windows\System\WZfrCFE.exe
  2⤵
  PID:8656
- C:\Windows\System\JfVOWfW.exe
  C:\Windows\System\JfVOWfW.exe
  2⤵
  PID:8696
- C:\Windows\System\eZScwhC.exe
  C:\Windows\System\eZScwhC.exe
  2⤵
  PID:8732
- C:\Windows\System\imziGzZ.exe
  C:\Windows\System\imziGzZ.exe
  2⤵
  PID:8776
- C:\Windows\System\QeXvznq.exe
  C:\Windows\System\QeXvznq.exe
  2⤵
  PID:8796
- C:\Windows\System\EZGQDGY.exe
  C:\Windows\System\EZGQDGY.exe
  2⤵
  PID:8840
- C:\Windows\System\NZUIbxC.exe
  C:\Windows\System\NZUIbxC.exe
  2⤵
  PID:8864
- C:\Windows\System\VScUmLH.exe
  C:\Windows\System\VScUmLH.exe
  2⤵
  PID:8880
- C:\Windows\System\dYRkdEW.exe
  C:\Windows\System\dYRkdEW.exe
  2⤵
  PID:8924
- C:\Windows\System\htESQNb.exe
  C:\Windows\System\htESQNb.exe
  2⤵
  PID:8944
- C:\Windows\System\xNRHxgB.exe
  C:\Windows\System\xNRHxgB.exe
  2⤵
  PID:8988
- C:\Windows\System\hcxNmVY.exe
  C:\Windows\System\hcxNmVY.exe
  2⤵
  PID:9036
- C:\Windows\System\ZgvhcJS.exe
  C:\Windows\System\ZgvhcJS.exe
  2⤵
  PID:9076
- C:\Windows\System\AKdvdrG.exe
  C:\Windows\System\AKdvdrG.exe
  2⤵
  PID:9112
- C:\Windows\System\wKbWEJp.exe
  C:\Windows\System\wKbWEJp.exe
  2⤵
  PID:9140
- C:\Windows\System\eeuOOfv.exe
  C:\Windows\System\eeuOOfv.exe
  2⤵
  PID:9168
- C:\Windows\System\ArdYihh.exe
  C:\Windows\System\ArdYihh.exe
  2⤵
  PID:8200
- C:\Windows\System\erFOWIY.exe
  C:\Windows\System\erFOWIY.exe
  2⤵
  PID:8256
- C:\Windows\System\PUCpFZa.exe
  C:\Windows\System\PUCpFZa.exe
  2⤵
  PID:8336
- C:\Windows\System\DRFrlob.exe
  C:\Windows\System\DRFrlob.exe
  2⤵
  PID:8396
- C:\Windows\System\WAaoqVx.exe
  C:\Windows\System\WAaoqVx.exe
  2⤵
  PID:8484
- C:\Windows\System\CeabdoJ.exe
  C:\Windows\System\CeabdoJ.exe
  2⤵
  PID:8160
- C:\Windows\System\FfnftIY.exe
  C:\Windows\System\FfnftIY.exe
  2⤵
  PID:8604
- C:\Windows\System\zDjUJoO.exe
  C:\Windows\System\zDjUJoO.exe
  2⤵
  PID:8688
- C:\Windows\System\XbzLwlE.exe
  C:\Windows\System\XbzLwlE.exe
  2⤵
  PID:8744
- C:\Windows\System\wRRDsTm.exe
  C:\Windows\System\wRRDsTm.exe
  2⤵
  PID:6440
- C:\Windows\System\OVNtdwU.exe
  C:\Windows\System\OVNtdwU.exe
  2⤵
  PID:6460
- C:\Windows\System\UhVGwZX.exe
  C:\Windows\System\UhVGwZX.exe
  2⤵
  PID:8860
- C:\Windows\System\XitigZZ.exe
  C:\Windows\System\XitigZZ.exe
  2⤵
  PID:8892
- C:\Windows\System\LklGqIW.exe
  C:\Windows\System\LklGqIW.exe
  2⤵
  PID:2260
- C:\Windows\System\xwRhnMY.exe
  C:\Windows\System\xwRhnMY.exe
  2⤵
  PID:9052
- C:\Windows\System\LYhuyMP.exe
  C:\Windows\System\LYhuyMP.exe
  2⤵
  PID:9192
- C:\Windows\System\hkZYugj.exe
  C:\Windows\System\hkZYugj.exe
  2⤵
  PID:8300
- C:\Windows\System\dITVCdA.exe
  C:\Windows\System\dITVCdA.exe
  2⤵
  PID:8384
- C:\Windows\System\XgmwRAT.exe
  C:\Windows\System\XgmwRAT.exe
  2⤵
  PID:8588
- C:\Windows\System\bPpqEmh.exe
  C:\Windows\System\bPpqEmh.exe
  2⤵
  PID:8728
- C:\Windows\System\oUgPtak.exe
  C:\Windows\System\oUgPtak.exe
  2⤵
  PID:8756
- C:\Windows\System\wiiZUVB.exe
  C:\Windows\System\wiiZUVB.exe
  2⤵
  PID:8832
- C:\Windows\System\DwTAeGj.exe
  C:\Windows\System\DwTAeGj.exe
  2⤵
  PID:8556
- C:\Windows\System\LWeKark.exe
  C:\Windows\System\LWeKark.exe
  2⤵
  PID:9156
- C:\Windows\System\ZwBjDvL.exe
  C:\Windows\System\ZwBjDvL.exe
  2⤵
  PID:8320
- C:\Windows\System\dOjLzHH.exe
  C:\Windows\System\dOjLzHH.exe
  2⤵
  PID:8652
- C:\Windows\System\jjxcyrR.exe
  C:\Windows\System\jjxcyrR.exe
  2⤵
  PID:8820
- C:\Windows\System\JVTEmzp.exe
  C:\Windows\System\JVTEmzp.exe
  2⤵
  PID:9060
- C:\Windows\System\XEWoOwo.exe
  C:\Windows\System\XEWoOwo.exe
  2⤵
  PID:8508
- C:\Windows\System\wzRqbWh.exe
  C:\Windows\System\wzRqbWh.exe
  2⤵
  PID:8916
- C:\Windows\System\wJnSZjB.exe
  C:\Windows\System\wJnSZjB.exe
  2⤵
  PID:9032
- C:\Windows\System\ZNmGgEJ.exe
  C:\Windows\System\ZNmGgEJ.exe
  2⤵
  PID:8228
- C:\Windows\System\spDcnGW.exe
  C:\Windows\System\spDcnGW.exe
  2⤵
  PID:9248
- C:\Windows\System\RBvkFdk.exe
  C:\Windows\System\RBvkFdk.exe
  2⤵
  PID:9280
- C:\Windows\System\DtPmySy.exe
  C:\Windows\System\DtPmySy.exe
  2⤵
  PID:9332
- C:\Windows\System\RrgicHu.exe
  C:\Windows\System\RrgicHu.exe
  2⤵
  PID:9364
- C:\Windows\System\eUYZvul.exe
  C:\Windows\System\eUYZvul.exe
  2⤵
  PID:9396
- C:\Windows\System\CRYPRYQ.exe
  C:\Windows\System\CRYPRYQ.exe
  2⤵
  PID:9428
- C:\Windows\System\QVvoVEh.exe
  C:\Windows\System\QVvoVEh.exe
  2⤵
  PID:9460
- C:\Windows\System\zzjKCwE.exe
  C:\Windows\System\zzjKCwE.exe
  2⤵
  PID:9496
- C:\Windows\System\SONSkHz.exe
  C:\Windows\System\SONSkHz.exe
  2⤵
  PID:9528
- C:\Windows\System\NTTvIqC.exe
  C:\Windows\System\NTTvIqC.exe
  2⤵
  PID:9568
- C:\Windows\System\NEXfnlA.exe
  C:\Windows\System\NEXfnlA.exe
  2⤵
  PID:9600
- C:\Windows\System\GrVGHQQ.exe
  C:\Windows\System\GrVGHQQ.exe
  2⤵
  PID:9632
- C:\Windows\System\JXoUdIn.exe
  C:\Windows\System\JXoUdIn.exe
  2⤵
  PID:9664
- C:\Windows\System\vhpBDir.exe
  C:\Windows\System\vhpBDir.exe
  2⤵
  PID:9700
- C:\Windows\System\GoCgRGe.exe
  C:\Windows\System\GoCgRGe.exe
  2⤵
  PID:9728
- C:\Windows\System\CdCPhuB.exe
  C:\Windows\System\CdCPhuB.exe
  2⤵
  PID:9760
- C:\Windows\System\GdEdJgD.exe
  C:\Windows\System\GdEdJgD.exe
  2⤵
  PID:9792
- C:\Windows\System\PbiHJKx.exe
  C:\Windows\System\PbiHJKx.exe
  2⤵
  PID:9812
- C:\Windows\System\djndcxV.exe
  C:\Windows\System\djndcxV.exe
  2⤵
  PID:9856
- C:\Windows\System\gqvqLNa.exe
  C:\Windows\System\gqvqLNa.exe
  2⤵
  PID:9920
- C:\Windows\System\sUHbuqE.exe
  C:\Windows\System\sUHbuqE.exe
  2⤵
  PID:9956
- C:\Windows\System\wDgpinm.exe
  C:\Windows\System\wDgpinm.exe
  2⤵
  PID:9988
- C:\Windows\System\GEXlPAa.exe
  C:\Windows\System\GEXlPAa.exe
  2⤵
  PID:10020
- C:\Windows\System\LmzmEdC.exe
  C:\Windows\System\LmzmEdC.exe
  2⤵
  PID:10052
- C:\Windows\System\wvnvoUb.exe
  C:\Windows\System\wvnvoUb.exe
  2⤵
  PID:10084
- C:\Windows\System\ZRSYpKR.exe
  C:\Windows\System\ZRSYpKR.exe
  2⤵
  PID:10116
- C:\Windows\System\zftNcwc.exe
  C:\Windows\System\zftNcwc.exe
  2⤵
  PID:10152
- C:\Windows\System\UnbAXNW.exe
  C:\Windows\System\UnbAXNW.exe
  2⤵
  PID:10184
- C:\Windows\System\HjEfdYv.exe
  C:\Windows\System\HjEfdYv.exe
  2⤵
  PID:10216
- C:\Windows\System\hFuYJkR.exe
  C:\Windows\System\hFuYJkR.exe
  2⤵
  PID:9236
- C:\Windows\System\plbqAdp.exe
  C:\Windows\System\plbqAdp.exe
  2⤵
  PID:9120
- C:\Windows\System\YjxnvOE.exe
  C:\Windows\System\YjxnvOE.exe
  2⤵
  PID:9292
- C:\Windows\System\jTsntVi.exe
  C:\Windows\System\jTsntVi.exe
  2⤵
  PID:9360
- C:\Windows\System\glpvlrp.exe
  C:\Windows\System\glpvlrp.exe
  2⤵
  PID:9424
- C:\Windows\System\rAzDbXp.exe
  C:\Windows\System\rAzDbXp.exe
  2⤵
  PID:9488
- C:\Windows\System\tUUuuQM.exe
  C:\Windows\System\tUUuuQM.exe
  2⤵
  PID:9584
- C:\Windows\System\DQClOmv.exe
  C:\Windows\System\DQClOmv.exe
  2⤵
  PID:9648
- C:\Windows\System\vmwwcUo.exe
  C:\Windows\System\vmwwcUo.exe
  2⤵
  PID:9716
- C:\Windows\System\uDCTavd.exe
  C:\Windows\System\uDCTavd.exe
  2⤵
  PID:9776
- C:\Windows\System\StFjUUl.exe
  C:\Windows\System\StFjUUl.exe
  2⤵
  PID:9848
- C:\Windows\System\iOsMvsO.exe
  C:\Windows\System\iOsMvsO.exe
  2⤵
  PID:9928
- C:\Windows\System\MoGhKGE.exe
  C:\Windows\System\MoGhKGE.exe
  2⤵
  PID:10012
- C:\Windows\System\LNPEERe.exe
  C:\Windows\System\LNPEERe.exe
  2⤵
  PID:10064
- C:\Windows\System\ynxvdPf.exe
  C:\Windows\System\ynxvdPf.exe
  2⤵
  PID:10128
- C:\Windows\System\yVeSWKr.exe
  C:\Windows\System\yVeSWKr.exe
  2⤵
  PID:10196
- C:\Windows\System\qqnTAZX.exe
  C:\Windows\System\qqnTAZX.exe
  2⤵
  PID:9244
- C:\Windows\System\GQZtjKP.exe
  C:\Windows\System\GQZtjKP.exe
  2⤵
  PID:9492
- C:\Windows\System\EfujAXu.exe
  C:\Windows\System\EfujAXu.exe
  2⤵
  PID:9420
- C:\Windows\System\hRwmqop.exe
  C:\Windows\System\hRwmqop.exe
  2⤵
  PID:9680
- C:\Windows\System\oeXczOf.exe
  C:\Windows\System\oeXczOf.exe
  2⤵
  PID:9744
- C:\Windows\System\ReFBdMs.exe
  C:\Windows\System\ReFBdMs.exe
  2⤵
  PID:9900
- C:\Windows\System\HZdewTc.exe
  C:\Windows\System\HZdewTc.exe
  2⤵
  PID:10108
- C:\Windows\System\YCtnUmE.exe
  C:\Windows\System\YCtnUmE.exe
  2⤵
  PID:10164
- C:\Windows\System\slagHED.exe
  C:\Windows\System\slagHED.exe
  2⤵
  PID:9276
- C:\Windows\System\jXcyLTv.exe
  C:\Windows\System\jXcyLTv.exe
  2⤵
  PID:9644
- C:\Windows\System\JBeJbKh.exe
  C:\Windows\System\JBeJbKh.exe
  2⤵
  PID:9872
- C:\Windows\System\SpLVBfa.exe
  C:\Windows\System\SpLVBfa.exe
  2⤵
  PID:9328
- C:\Windows\System\AqfBzNP.exe
  C:\Windows\System\AqfBzNP.exe
  2⤵
  PID:10180
- C:\Windows\System\Wfwsblo.exe
  C:\Windows\System\Wfwsblo.exe
  2⤵
  PID:8664
- C:\Windows\System\ftXPMRu.exe
  C:\Windows\System\ftXPMRu.exe
  2⤵
  PID:9804
- C:\Windows\System\CRWIMSB.exe
  C:\Windows\System\CRWIMSB.exe
  2⤵
  PID:9304
- C:\Windows\System\AEfaBGi.exe
  C:\Windows\System\AEfaBGi.exe
  2⤵
  PID:9740
- C:\Windows\System\GDvSEOi.exe
  C:\Windows\System\GDvSEOi.exe
  2⤵
  PID:9228
- C:\Windows\System\cErlkSa.exe
  C:\Windows\System\cErlkSa.exe
  2⤵
  PID:9544
- C:\Windows\System\XhdIjTe.exe
  C:\Windows\System\XhdIjTe.exe
  2⤵
  PID:10256
- C:\Windows\System\HUynWSH.exe
  C:\Windows\System\HUynWSH.exe
  2⤵
  PID:10292
- C:\Windows\System\qtRsrcv.exe
  C:\Windows\System\qtRsrcv.exe
  2⤵
  PID:10324
- C:\Windows\System\VlbTkvR.exe
  C:\Windows\System\VlbTkvR.exe
  2⤵
  PID:10356
- C:\Windows\System\CYFaHPq.exe
  C:\Windows\System\CYFaHPq.exe
  2⤵
  PID:10388
- C:\Windows\System\nhxxVuy.exe
  C:\Windows\System\nhxxVuy.exe
  2⤵
  PID:10420
- C:\Windows\System\lmMhMtR.exe
  C:\Windows\System\lmMhMtR.exe
  2⤵
  PID:10452
- C:\Windows\System\JpfNJAq.exe
  C:\Windows\System\JpfNJAq.exe
  2⤵
  PID:10484
- C:\Windows\System\HXviyFN.exe
  C:\Windows\System\HXviyFN.exe
  2⤵
  PID:10516
- C:\Windows\System\AVCqBpT.exe
  C:\Windows\System\AVCqBpT.exe
  2⤵
  PID:10548
- C:\Windows\System\TCAAUga.exe
  C:\Windows\System\TCAAUga.exe
  2⤵
  PID:10580
- C:\Windows\System\wZzgBPL.exe
  C:\Windows\System\wZzgBPL.exe
  2⤵
  PID:10612
- C:\Windows\System\tvFKWgp.exe
  C:\Windows\System\tvFKWgp.exe
  2⤵
  PID:10644
- C:\Windows\System\IZvqMXd.exe
  C:\Windows\System\IZvqMXd.exe
  2⤵
  PID:10676
- C:\Windows\System\cKhSFIH.exe
  C:\Windows\System\cKhSFIH.exe
  2⤵
  PID:10708
- C:\Windows\System\deSKZch.exe
  C:\Windows\System\deSKZch.exe
  2⤵
  PID:10740
- C:\Windows\System\dviIqJc.exe
  C:\Windows\System\dviIqJc.exe
  2⤵
  PID:10772
- C:\Windows\System\fWqEElM.exe
  C:\Windows\System\fWqEElM.exe
  2⤵
  PID:10804
- C:\Windows\System\CgbSsaY.exe
  C:\Windows\System\CgbSsaY.exe
  2⤵
  PID:10836
- C:\Windows\System\nuDRyte.exe
  C:\Windows\System\nuDRyte.exe
  2⤵
  PID:10868
- C:\Windows\System\TlyLpGv.exe
  C:\Windows\System\TlyLpGv.exe
  2⤵
  PID:10900
- C:\Windows\System\gLDoxrn.exe
  C:\Windows\System\gLDoxrn.exe
  2⤵
  PID:10932
- C:\Windows\System\OEWQdXp.exe
  C:\Windows\System\OEWQdXp.exe
  2⤵
  PID:10964
- C:\Windows\System\fENRNtV.exe
  C:\Windows\System\fENRNtV.exe
  2⤵
  PID:10984
- C:\Windows\System\DHyYUTE.exe
  C:\Windows\System\DHyYUTE.exe
  2⤵
  PID:11028
- C:\Windows\System\KEyeJoo.exe
  C:\Windows\System\KEyeJoo.exe
  2⤵
  PID:11068
- C:\Windows\System\CxXAiBA.exe
  C:\Windows\System\CxXAiBA.exe
  2⤵
  PID:11112
- C:\Windows\System\rHRhmAm.exe
  C:\Windows\System\rHRhmAm.exe
  2⤵
  PID:11144
- C:\Windows\System\ypbSpRM.exe
  C:\Windows\System\ypbSpRM.exe
  2⤵
  PID:11184
- C:\Windows\System\bJQrisf.exe
  C:\Windows\System\bJQrisf.exe
  2⤵
  PID:11240
- C:\Windows\System\xucZSXs.exe
  C:\Windows\System\xucZSXs.exe
  2⤵
  PID:10280
- C:\Windows\System\gvxlZSo.exe
  C:\Windows\System\gvxlZSo.exe
  2⤵
  PID:10340
- C:\Windows\System\SksINFO.exe
  C:\Windows\System\SksINFO.exe
  2⤵
  PID:10404
- C:\Windows\System\jSnkbes.exe
  C:\Windows\System\jSnkbes.exe
  2⤵
  PID:10464
- C:\Windows\System\tAKFLRY.exe
  C:\Windows\System\tAKFLRY.exe
  2⤵
  PID:10528
- C:\Windows\System\wRMLdsI.exe
  C:\Windows\System\wRMLdsI.exe
  2⤵
  PID:10628
- C:\Windows\System\WksqRbK.exe
  C:\Windows\System\WksqRbK.exe
  2⤵
  PID:10724
- C:\Windows\System\ULzDFJx.exe
  C:\Windows\System\ULzDFJx.exe
  2⤵
  PID:10796
- C:\Windows\System\MANlGlV.exe
  C:\Windows\System\MANlGlV.exe
  2⤵
  PID:10884
- C:\Windows\System\DDPzKEZ.exe
  C:\Windows\System\DDPzKEZ.exe
  2⤵
  PID:10976
- C:\Windows\System\hqWwvCe.exe
  C:\Windows\System\hqWwvCe.exe
  2⤵
  PID:11100
- C:\Windows\System\qiToLNL.exe
  C:\Windows\System\qiToLNL.exe
  2⤵
  PID:11208
- C:\Windows\System\uwzrGqx.exe
  C:\Windows\System\uwzrGqx.exe
  2⤵
  PID:1524
- C:\Windows\System\PaidTAl.exe
  C:\Windows\System\PaidTAl.exe
  2⤵
  PID:10252
- C:\Windows\System\jzOaEhh.exe
  C:\Windows\System\jzOaEhh.exe
  2⤵
  PID:10368
- C:\Windows\System\BISeHyu.exe
  C:\Windows\System\BISeHyu.exe
  2⤵
  PID:10432
- C:\Windows\System\lQEaGMV.exe
  C:\Windows\System\lQEaGMV.exe
  2⤵
  PID:2912
- C:\Windows\System\sdVsREu.exe
  C:\Windows\System\sdVsREu.exe
  2⤵
  PID:10956
- C:\Windows\System\sXwyQnl.exe
  C:\Windows\System\sXwyQnl.exe
  2⤵
  PID:10316
- C:\Windows\System\NfGfQQn.exe
  C:\Windows\System\NfGfQQn.exe
  2⤵
  PID:3720
- C:\Windows\System\JqyZFOS.exe
  C:\Windows\System\JqyZFOS.exe
  2⤵
  PID:10448
- C:\Windows\System\fUhvNDt.exe
  C:\Windows\System\fUhvNDt.exe
  2⤵
  PID:10736
- C:\Windows\System\dmWvmOB.exe
  C:\Windows\System\dmWvmOB.exe
  2⤵
  PID:11180
- C:\Windows\System\MlTMUaT.exe
  C:\Windows\System\MlTMUaT.exe
  2⤵
  PID:11164
- C:\Windows\System\THCSeDB.exe
  C:\Windows\System\THCSeDB.exe
  2⤵
  PID:10784
- C:\Windows\System\MXNrVeW.exe
  C:\Windows\System\MXNrVeW.exe
  2⤵
  PID:11268
- C:\Windows\System\LcKMYiE.exe
  C:\Windows\System\LcKMYiE.exe
  2⤵
  PID:11300
- C:\Windows\System\cYEnfkw.exe
  C:\Windows\System\cYEnfkw.exe
  2⤵
  PID:11332
- C:\Windows\System\bKJdLBU.exe
  C:\Windows\System\bKJdLBU.exe
  2⤵
  PID:11380
- C:\Windows\System\aNrFAVN.exe
  C:\Windows\System\aNrFAVN.exe
  2⤵
  PID:11412
- C:\Windows\System\KoMEaJL.exe
  C:\Windows\System\KoMEaJL.exe
  2⤵
  PID:11436
- C:\Windows\System\uzBkBqt.exe
  C:\Windows\System\uzBkBqt.exe
  2⤵
  PID:11476
- C:\Windows\System\QesQplC.exe
  C:\Windows\System\QesQplC.exe
  2⤵
  PID:11508
- C:\Windows\System\FqLhuof.exe
  C:\Windows\System\FqLhuof.exe
  2⤵
  PID:11540
- C:\Windows\System\BvLWUha.exe
  C:\Windows\System\BvLWUha.exe
  2⤵
  PID:11572
- C:\Windows\System\QjciSsZ.exe
  C:\Windows\System\QjciSsZ.exe
  2⤵
  PID:11604
- C:\Windows\System\HoWqjvo.exe
  C:\Windows\System\HoWqjvo.exe
  2⤵
  PID:11636
- C:\Windows\System\dUrXBaG.exe
  C:\Windows\System\dUrXBaG.exe
  2⤵
  PID:11672
- C:\Windows\System\rElTGhv.exe
  C:\Windows\System\rElTGhv.exe
  2⤵
  PID:11692
- C:\Windows\System\LmWpPAG.exe
  C:\Windows\System\LmWpPAG.exe
  2⤵
  PID:11736
- C:\Windows\System\uHNsQpA.exe
  C:\Windows\System\uHNsQpA.exe
  2⤵
  PID:11768
- C:\Windows\System\wSVJzJj.exe
  C:\Windows\System\wSVJzJj.exe
  2⤵
  PID:11800
- C:\Windows\System\AiFQOff.exe
  C:\Windows\System\AiFQOff.exe
  2⤵
  PID:11832
- C:\Windows\System\pSMUnRo.exe
  C:\Windows\System\pSMUnRo.exe
  2⤵
  PID:11864
- C:\Windows\System\zXoZMbR.exe
  C:\Windows\System\zXoZMbR.exe
  2⤵
  PID:11896
- C:\Windows\System\BtdDMOp.exe
  C:\Windows\System\BtdDMOp.exe
  2⤵
  PID:11928
- C:\Windows\System\nXJpJZk.exe
  C:\Windows\System\nXJpJZk.exe
  2⤵
  PID:11964
- C:\Windows\System\paewWLW.exe
  C:\Windows\System\paewWLW.exe
  2⤵
  PID:11996
- C:\Windows\System\WCBrqpS.exe
  C:\Windows\System\WCBrqpS.exe
  2⤵
  PID:12028
- C:\Windows\System\JdhGbDh.exe
  C:\Windows\System\JdhGbDh.exe
  2⤵
  PID:12060
- C:\Windows\System\ZegxdCE.exe
  C:\Windows\System\ZegxdCE.exe
  2⤵
  PID:12092
- C:\Windows\System\ZFYNamo.exe
  C:\Windows\System\ZFYNamo.exe
  2⤵
  PID:12144
- C:\Windows\System\tomPLIs.exe
  C:\Windows\System\tomPLIs.exe
  2⤵
  PID:12168
- C:\Windows\System\hXgxRVR.exe
  C:\Windows\System\hXgxRVR.exe
  2⤵
  PID:12200
- C:\Windows\System\LeIPLfe.exe
  C:\Windows\System\LeIPLfe.exe
  2⤵
  PID:12232
- C:\Windows\System\wfOynfq.exe
  C:\Windows\System\wfOynfq.exe
  2⤵
  PID:12264
- C:\Windows\System\KdmIFpK.exe
  C:\Windows\System\KdmIFpK.exe
  2⤵
  PID:12284
- C:\Windows\System\JGloCxl.exe
  C:\Windows\System\JGloCxl.exe
  2⤵
  PID:11292
- C:\Windows\System\lAlzzaD.exe
  C:\Windows\System\lAlzzaD.exe
  2⤵
  PID:11368
- C:\Windows\System\NyFQVnf.exe
  C:\Windows\System\NyFQVnf.exe
  2⤵
  PID:11428
- C:\Windows\System\blzHcHE.exe
  C:\Windows\System\blzHcHE.exe
  2⤵
  PID:11504
- C:\Windows\System\BPAguOd.exe
  C:\Windows\System\BPAguOd.exe
  2⤵
  PID:11568
- C:\Windows\System\LPFcwyq.exe
  C:\Windows\System\LPFcwyq.exe
  2⤵
  PID:11632
- C:\Windows\System\PuGUpHo.exe
  C:\Windows\System\PuGUpHo.exe
  2⤵
  PID:11728
- C:\Windows\System\wEVGClc.exe
  C:\Windows\System\wEVGClc.exe
  2⤵
  PID:11764
- C:\Windows\System\RPJGxEa.exe
  C:\Windows\System\RPJGxEa.exe
  2⤵
  PID:11828
- C:\Windows\System\AmpaHfp.exe
  C:\Windows\System\AmpaHfp.exe
  2⤵
  PID:11892
- C:\Windows\System\cToNKrX.exe
  C:\Windows\System\cToNKrX.exe
  2⤵
  PID:11956
- C:\Windows\System\kHorIss.exe
  C:\Windows\System\kHorIss.exe
  2⤵
  PID:12024
- C:\Windows\System\CrcaFye.exe
  C:\Windows\System\CrcaFye.exe
  2⤵
  PID:12088
- C:\Windows\System\evaPNxd.exe
  C:\Windows\System\evaPNxd.exe
  2⤵
  PID:12180
- C:\Windows\System\txuosUl.exe
  C:\Windows\System\txuosUl.exe
  2⤵
  PID:12212
- C:\Windows\System\knJerTz.exe
  C:\Windows\System\knJerTz.exe
  2⤵
  PID:10304
- C:\Windows\System\BPenoCl.exe
  C:\Windows\System\BPenoCl.exe
  2⤵
  PID:11340
- C:\Windows\System\bTMxucV.exe
  C:\Windows\System\bTMxucV.exe
  2⤵
  PID:11492
- C:\Windows\System\GPifsKC.exe
  C:\Windows\System\GPifsKC.exe
  2⤵
  PID:11596
- C:\Windows\System\LDqaYQU.exe
  C:\Windows\System\LDqaYQU.exe
  2⤵
  PID:11704
- C:\Windows\System\wSCqrYz.exe
  C:\Windows\System\wSCqrYz.exe
  2⤵
  PID:11824
- C:\Windows\System\ZcJSCNF.exe
  C:\Windows\System\ZcJSCNF.exe
  2⤵
  PID:11888
- C:\Windows\System\YDdnQGg.exe
  C:\Windows\System\YDdnQGg.exe
  2⤵
  PID:11952
- C:\Windows\System\BztVuwS.exe
  C:\Windows\System\BztVuwS.exe
  2⤵
  PID:12116
- C:\Windows\System\cmzKxGS.exe
  C:\Windows\System\cmzKxGS.exe
  2⤵
  PID:8232
- C:\Windows\System\DuVgnSB.exe
  C:\Windows\System\DuVgnSB.exe
  2⤵
  PID:11400
- C:\Windows\System\rnQiUTn.exe
  C:\Windows\System\rnQiUTn.exe
  2⤵
  PID:12152
- C:\Windows\System\jGavERo.exe
  C:\Windows\System\jGavERo.exe
  2⤵
  PID:11856
- C:\Windows\System\zATTAyt.exe
  C:\Windows\System\zATTAyt.exe
  2⤵
  PID:12224
- C:\Windows\System\EaQLRAC.exe
  C:\Windows\System\EaQLRAC.exe
  2⤵
  PID:11524
- C:\Windows\System\EulOarF.exe
  C:\Windows\System\EulOarF.exe
  2⤵
  PID:12248
- C:\Windows\System\rZsIuji.exe
  C:\Windows\System\rZsIuji.exe
  2⤵
  PID:12308
- C:\Windows\System\ExiCNLh.exe
  C:\Windows\System\ExiCNLh.exe
  2⤵
  PID:12340
- C:\Windows\System\HTmmJQM.exe
  C:\Windows\System\HTmmJQM.exe
  2⤵
  PID:12372
- C:\Windows\System\KWBJrXW.exe
  C:\Windows\System\KWBJrXW.exe
  2⤵
  PID:12404
- C:\Windows\System\NQFufGp.exe
  C:\Windows\System\NQFufGp.exe
  2⤵
  PID:12436
- C:\Windows\System\ISwNZVv.exe
  C:\Windows\System\ISwNZVv.exe
  2⤵
  PID:12468
- C:\Windows\System\QMiVkJN.exe
  C:\Windows\System\QMiVkJN.exe
  2⤵
  PID:12500
- C:\Windows\System\xuLnbsT.exe
  C:\Windows\System\xuLnbsT.exe
  2⤵
  PID:12532
- C:\Windows\System\ZeuMgqc.exe
  C:\Windows\System\ZeuMgqc.exe
  2⤵
  PID:12564
- C:\Windows\System\PbiRJQo.exe
  C:\Windows\System\PbiRJQo.exe
  2⤵
  PID:12600
- C:\Windows\System\rNCuTBs.exe
  C:\Windows\System\rNCuTBs.exe
  2⤵
  PID:12632
- C:\Windows\System\iVMxqXl.exe
  C:\Windows\System\iVMxqXl.exe
  2⤵
  PID:12664
- C:\Windows\System\RblEsLT.exe
  C:\Windows\System\RblEsLT.exe
  2⤵
  PID:12696
- C:\Windows\System\NFPZIkt.exe
  C:\Windows\System\NFPZIkt.exe
  2⤵
  PID:12728
- C:\Windows\System\HrHkxId.exe
  C:\Windows\System\HrHkxId.exe
  2⤵
  PID:12756
- C:\Windows\System\ENUDDUa.exe
  C:\Windows\System\ENUDDUa.exe
  2⤵
  PID:12772
- C:\Windows\System\HikmmMF.exe
  C:\Windows\System\HikmmMF.exe
  2⤵
  PID:12792
- C:\Windows\System\piGFRDO.exe
  C:\Windows\System\piGFRDO.exe
  2⤵
  PID:12832
- C:\Windows\System\kKvpvYP.exe
  C:\Windows\System\kKvpvYP.exe
  2⤵
  PID:12868
- C:\Windows\System\DHojPCi.exe
  C:\Windows\System\DHojPCi.exe
  2⤵
  PID:12904
- C:\Windows\System\NrrRcsZ.exe
  C:\Windows\System\NrrRcsZ.exe
  2⤵
  PID:12936
- C:\Windows\System\meZJwfC.exe
  C:\Windows\System\meZJwfC.exe
  2⤵
  PID:12968
- C:\Windows\System\GOnTFMD.exe
  C:\Windows\System\GOnTFMD.exe
  2⤵
  PID:13008
- C:\Windows\System\mEeUOKJ.exe
  C:\Windows\System\mEeUOKJ.exe
  2⤵
  PID:13052
- C:\Windows\System\fSedBdA.exe
  C:\Windows\System\fSedBdA.exe
  2⤵
  PID:13084
- C:\Windows\System\ScWVWHG.exe
  C:\Windows\System\ScWVWHG.exe
  2⤵
  PID:13120
- C:\Windows\System\klrMZqn.exe
  C:\Windows\System\klrMZqn.exe
  2⤵
  PID:13152
- C:\Windows\System\kOBakrx.exe
  C:\Windows\System\kOBakrx.exe
  2⤵
  PID:13184
- C:\Windows\System\mnnYCEx.exe
  C:\Windows\System\mnnYCEx.exe
  2⤵
  PID:13216
- C:\Windows\System\SmeQrwy.exe
  C:\Windows\System\SmeQrwy.exe
  2⤵
  PID:13232
- C:\Windows\System\JNEfedC.exe
  C:\Windows\System\JNEfedC.exe
  2⤵
  PID:13280
- C:\Windows\System\bBKZuZo.exe
  C:\Windows\System\bBKZuZo.exe
  2⤵
  PID:12192
- C:\Windows\System\xzrcWVT.exe
  C:\Windows\System\xzrcWVT.exe
  2⤵
  PID:12304
- C:\Windows\System\FvoPXre.exe
  C:\Windows\System\FvoPXre.exe
  2⤵
  PID:12332
- C:\Windows\System\HqhTyfN.exe
  C:\Windows\System\HqhTyfN.exe
  2⤵
  PID:12360
- C:\Windows\System\SPzWVcz.exe
  C:\Windows\System\SPzWVcz.exe
  2⤵
  PID:4584
- C:\Windows\System\aVSyuyN.exe
  C:\Windows\System\aVSyuyN.exe
  2⤵
  PID:1908
- C:\Windows\System\bhUdsXG.exe
  C:\Windows\System\bhUdsXG.exe
  2⤵
  PID:12576
- C:\Windows\System\aHaSMZt.exe
  C:\Windows\System\aHaSMZt.exe
  2⤵
  PID:12612
- C:\Windows\System\oUpjGxr.exe
  C:\Windows\System\oUpjGxr.exe
  2⤵
  PID:12648
- C:\Windows\System\TmHlfeM.exe
  C:\Windows\System\TmHlfeM.exe
  2⤵
  PID:7672
- C:\Windows\System\wpeYCak.exe
  C:\Windows\System\wpeYCak.exe
  2⤵
  PID:7668
- C:\Windows\System\SJeTXZy.exe
  C:\Windows\System\SJeTXZy.exe
  2⤵
  PID:12784
- C:\Windows\System\fiXSvND.exe
  C:\Windows\System\fiXSvND.exe
  2⤵
  PID:12844
- C:\Windows\System\hEdVshJ.exe
  C:\Windows\System\hEdVshJ.exe
  2⤵
  PID:12884
- C:\Windows\System\zaZHfDv.exe
  C:\Windows\System\zaZHfDv.exe
  2⤵
  PID:12980
- C:\Windows\System\smFAghx.exe
  C:\Windows\System\smFAghx.exe
  2⤵
  PID:13020
- C:\Windows\System\twDDQOg.exe
  C:\Windows\System\twDDQOg.exe
  2⤵
  PID:13100
- C:\Windows\System\lqmoBjP.exe
  C:\Windows\System\lqmoBjP.exe
  2⤵
  PID:13180
- C:\Windows\System\FvZjJxS.exe
  C:\Windows\System\FvZjJxS.exe
  2⤵
  PID:13228
- C:\Windows\System\FivsCgi.exe
  C:\Windows\System\FivsCgi.exe
  2⤵
  PID:13292
- C:\Windows\System\ffbqBAP.exe
  C:\Windows\System\ffbqBAP.exe
  2⤵
  PID:12320
- C:\Windows\System\dUgIKUY.exe
  C:\Windows\System\dUgIKUY.exe
  2⤵
  PID:12392
- C:\Windows\System\NLgwwPL.exe
  C:\Windows\System\NLgwwPL.exe
  2⤵
  PID:12484
- C:\Windows\System\FEWDHio.exe
  C:\Windows\System\FEWDHio.exe
  2⤵
  PID:12596
- C:\Windows\System\aUlvLlR.exe
  C:\Windows\System\aUlvLlR.exe
  2⤵
  PID:8092
- C:\Windows\System\YGCrvcR.exe
  C:\Windows\System\YGCrvcR.exe
  2⤵
  PID:12740
- C:\Windows\System\TLLEVET.exe
  C:\Windows\System\TLLEVET.exe
  2⤵
  PID:12808
- C:\Windows\System\iHWlEjr.exe
  C:\Windows\System\iHWlEjr.exe
  2⤵
  PID:12916
- C:\Windows\System\jSIBQDE.exe
  C:\Windows\System\jSIBQDE.exe
  2⤵
  PID:6680
- C:\Windows\System\aMwcjZz.exe
  C:\Windows\System\aMwcjZz.exe
  2⤵
  PID:13148
- C:\Windows\System\vNFQIhk.exe
  C:\Windows\System\vNFQIhk.exe
  2⤵
  PID:13200
- C:\Windows\System\VpeXKzB.exe
  C:\Windows\System\VpeXKzB.exe
  2⤵
  PID:13256
- C:\Windows\System\ntzziPf.exe
  C:\Windows\System\ntzziPf.exe
  2⤵
  PID:13308
- C:\Windows\System\yfjQQBN.exe
  C:\Windows\System\yfjQQBN.exe
  2⤵
  PID:2512
- C:\Windows\System\LRadOVM.exe
  C:\Windows\System\LRadOVM.exe
  2⤵
  PID:12924
- C:\Windows\System\jsqWjNz.exe
  C:\Windows\System\jsqWjNz.exe
  2⤵
  PID:13272
- C:\Windows\System\qHkHbBE.exe
  C:\Windows\System\qHkHbBE.exe
  2⤵
  PID:2996
- C:\Windows\System\ohYDmHO.exe
  C:\Windows\System\ohYDmHO.exe
  2⤵
  PID:8032
- C:\Windows\System\JJKowMw.exe
  C:\Windows\System\JJKowMw.exe
  2⤵
  PID:3940
- C:\Windows\System\TmutReM.exe
  C:\Windows\System\TmutReM.exe
  2⤵
  PID:7712
- C:\Windows\System\TfCOWaf.exe
  C:\Windows\System\TfCOWaf.exe
  2⤵
  PID:12416
- C:\Windows\System\mokWoSN.exe
  C:\Windows\System\mokWoSN.exe
  2⤵
  PID:13040
- C:\Windows\System\HPnkHJz.exe
  C:\Windows\System\HPnkHJz.exe
  2⤵
  PID:13344
- C:\Windows\System\oldUrgc.exe
  C:\Windows\System\oldUrgc.exe
  2⤵
  PID:13376
- C:\Windows\System\JuuBeYx.exe
  C:\Windows\System\JuuBeYx.exe
  2⤵
  PID:13408
- C:\Windows\System\cgviXAK.exe
  C:\Windows\System\cgviXAK.exe
  2⤵
  PID:13440
- C:\Windows\System\oyoqdhf.exe
  C:\Windows\System\oyoqdhf.exe
  2⤵
  PID:13476
- C:\Windows\System\khsegUD.exe
  C:\Windows\System\khsegUD.exe
  2⤵
  PID:13524
- C:\Windows\System\kJqrcMv.exe
  C:\Windows\System\kJqrcMv.exe
  2⤵
  PID:13576
- C:\Windows\System\LyLCJyZ.exe
  C:\Windows\System\LyLCJyZ.exe
  2⤵
  PID:13600
- C:\Windows\System\MlCxyXd.exe
  C:\Windows\System\MlCxyXd.exe
  2⤵
  PID:13632
- C:\Windows\System\IXjrKYK.exe
  C:\Windows\System\IXjrKYK.exe
  2⤵
  PID:13664
- C:\Windows\System\HinucUI.exe
  C:\Windows\System\HinucUI.exe
  2⤵
  PID:13696
- C:\Windows\System\IKgWvyR.exe
  C:\Windows\System\IKgWvyR.exe
  2⤵
  PID:13732
- C:\Windows\System\yPxpuQR.exe
  C:\Windows\System\yPxpuQR.exe
  2⤵
  PID:13764
- C:\Windows\System\jQDmgPj.exe
  C:\Windows\System\jQDmgPj.exe
  2⤵
  PID:13804
- C:\Windows\System\qLSTslf.exe
  C:\Windows\System\qLSTslf.exe
  2⤵
  PID:13824
- C:\Windows\System\sIrmBBx.exe
  C:\Windows\System\sIrmBBx.exe
  2⤵
  PID:13844
- C:\Windows\System\GSepQZP.exe
  C:\Windows\System\GSepQZP.exe
  2⤵
  PID:13872
- C:\Windows\System\iGjCfdk.exe
  C:\Windows\System\iGjCfdk.exe
  2⤵
  PID:13932
- C:\Windows\System\RDwfuKK.exe
  C:\Windows\System\RDwfuKK.exe
  2⤵
  PID:13976
- C:\Windows\System\QhSBVkK.exe
  C:\Windows\System\QhSBVkK.exe
  2⤵
  PID:14004
- C:\Windows\System\sCAcKye.exe
  C:\Windows\System\sCAcKye.exe
  2⤵
  PID:14036
- C:\Windows\System\wgnfPJS.exe
  C:\Windows\System\wgnfPJS.exe
  2⤵
  PID:14072
- C:\Windows\System\CoLjGrp.exe
  C:\Windows\System\CoLjGrp.exe
  2⤵
  PID:14108
- C:\Windows\System\dCgNJhl.exe
  C:\Windows\System\dCgNJhl.exe
  2⤵
  PID:14140
- C:\Windows\System\uHWCruL.exe
  C:\Windows\System\uHWCruL.exe
  2⤵
  PID:14172
- C:\Windows\System\tFdHjId.exe
  C:\Windows\System\tFdHjId.exe
  2⤵
  PID:14188
- C:\Windows\System\JkoYoGk.exe
  C:\Windows\System\JkoYoGk.exe
  2⤵
  PID:14204
- C:\Windows\System\nEYtgGv.exe
  C:\Windows\System\nEYtgGv.exe
  2⤵
  PID:14240
- C:\Windows\System\IJkZkIS.exe
  C:\Windows\System\IJkZkIS.exe
  2⤵
  PID:14256
- C:\Windows\System\iTBJrhY.exe
  C:\Windows\System\iTBJrhY.exe
  2⤵
  PID:14316
- C:\Windows\System\YvIMESQ.exe
  C:\Windows\System\YvIMESQ.exe
  2⤵
  PID:13328
- C:\Windows\System\aKdnaaC.exe
  C:\Windows\System\aKdnaaC.exe
  2⤵
  PID:13404
- C:\Windows\System\ZnDmpmW.exe
  C:\Windows\System\ZnDmpmW.exe
  2⤵
  PID:13468
- C:\Windows\System\zhUXECu.exe
  C:\Windows\System\zhUXECu.exe
  2⤵
  PID:13584
- C:\Windows\System\YYVkBIb.exe
  C:\Windows\System\YYVkBIb.exe
  2⤵
  PID:13648
- C:\Windows\System\bNYbLre.exe
  C:\Windows\System\bNYbLre.exe
  2⤵
  PID:13712
- C:\Windows\System\UCWaTgv.exe
  C:\Windows\System\UCWaTgv.exe
  2⤵
  PID:11088
- C:\Windows\System\MfQVOlW.exe
  C:\Windows\System\MfQVOlW.exe
  2⤵
  PID:13776
- C:\Windows\System\QIjcqvB.exe
  C:\Windows\System\QIjcqvB.exe
  2⤵
  PID:13868
- C:\Windows\System\VebBKDL.exe
  C:\Windows\System\VebBKDL.exe
  2⤵
  PID:13888
- C:\Windows\System\jWWDiJf.exe
  C:\Windows\System\jWWDiJf.exe
  2⤵
  PID:13984
- C:\Windows\System\XyfKwky.exe
  C:\Windows\System\XyfKwky.exe
  2⤵
  PID:14016
- C:\Windows\System\eyPhRrT.exe
  C:\Windows\System\eyPhRrT.exe
  2⤵
  PID:14060
- C:\Windows\System\lBtgnsp.exe
  C:\Windows\System\lBtgnsp.exe
  2⤵
  PID:14156
- C:\Windows\System\WOaRfSZ.exe
  C:\Windows\System\WOaRfSZ.exe
  2⤵
  PID:14180
- C:\Windows\System\LgabgAp.exe
  C:\Windows\System\LgabgAp.exe
  2⤵
  PID:14292
- C:\Windows\System\gReJgnk.exe
  C:\Windows\System\gReJgnk.exe
  2⤵
  PID:14328
- C:\Windows\System\zKzTmHf.exe
  C:\Windows\System\zKzTmHf.exe
  2⤵
  PID:13436
- C:\Windows\System\HmTyRUh.exe
  C:\Windows\System\HmTyRUh.exe
  2⤵
  PID:13520
- C:\Windows\System\AUccXMX.exe
  C:\Windows\System\AUccXMX.exe
  2⤵
  PID:13660
- C:\Windows\System\hdGMHIu.exe
  C:\Windows\System\hdGMHIu.exe
  2⤵
  PID:11064
- C:\Windows\System\TmVdRmm.exe
  C:\Windows\System\TmVdRmm.exe
  2⤵
  PID:13744
- C:\Windows\System\CsfIOuB.exe
  C:\Windows\System\CsfIOuB.exe
  2⤵
  PID:11224
- C:\Windows\System\HQuocXT.exe
  C:\Windows\System\HQuocXT.exe
  2⤵
  PID:13800
- C:\Windows\System\NguKvab.exe
  C:\Windows\System\NguKvab.exe
  2⤵
  PID:13928
- C:\Windows\System\RvSegaH.exe
  C:\Windows\System\RvSegaH.exe
  2⤵
  PID:13996
- C:\Windows\System\LdNEKwb.exe
  C:\Windows\System\LdNEKwb.exe
  2⤵
  PID:14100
- C:\Windows\System\SKzsbtd.exe
  C:\Windows\System\SKzsbtd.exe
  2⤵
  PID:14272
- C:\Windows\System\DTyJCfX.exe
  C:\Windows\System\DTyJCfX.exe
  2⤵
  PID:13504
- C:\Windows\System\ySBMKeY.exe
  C:\Windows\System\ySBMKeY.exe
  2⤵
  PID:13748
- C:\Windows\System\rJYwcuf.exe
  C:\Windows\System\rJYwcuf.exe
  2⤵
  PID:808
- C:\Windows\System\VDIKZAs.exe
  C:\Windows\System\VDIKZAs.exe
  2⤵
  PID:4592
- C:\Windows\System\RpiSnLS.exe
  C:\Windows\System\RpiSnLS.exe
  2⤵
  PID:13856
- C:\Windows\System\fezaxac.exe
  C:\Windows\System\fezaxac.exe
  2⤵
  PID:14032
- C:\Windows\System\UuDMJIO.exe
  C:\Windows\System\UuDMJIO.exe
  2⤵
  PID:13552
- C:\Windows\System\eSVQBWo.exe
  C:\Windows\System\eSVQBWo.exe
  2⤵
  PID:14360
- C:\Windows\System\mWAIxBO.exe
  C:\Windows\System\mWAIxBO.exe
  2⤵
  PID:14404
- C:\Windows\System\yNAwjOt.exe
  C:\Windows\System\yNAwjOt.exe
  2⤵
  PID:14428
- C:\Windows\System\bpSAQFI.exe
  C:\Windows\System\bpSAQFI.exe
  2⤵
  PID:14472
- C:\Windows\System\OZIPzNu.exe
  C:\Windows\System\OZIPzNu.exe
  2⤵
  PID:14504
- C:\Windows\System\LdCFjLY.exe
  C:\Windows\System\LdCFjLY.exe
  2⤵
  PID:14536
- C:\Windows\System\jbajOzk.exe
  C:\Windows\System\jbajOzk.exe
  2⤵
  PID:14568
- C:\Windows\System\UExdrnt.exe
  C:\Windows\System\UExdrnt.exe
  2⤵
  PID:14600
- C:\Windows\System\fFbgvPL.exe
  C:\Windows\System\fFbgvPL.exe
  2⤵
  PID:14624
- C:\Windows\System\JRsFsYv.exe
  C:\Windows\System\JRsFsYv.exe
  2⤵
  PID:14660
- C:\Windows\System\dkvsGum.exe
  C:\Windows\System\dkvsGum.exe
  2⤵
  PID:14680
- C:\Windows\System\rateuYX.exe
  C:\Windows\System\rateuYX.exe
  2⤵
  PID:14700
- C:\Windows\System\hZjweIY.exe
  C:\Windows\System\hZjweIY.exe
  2⤵
  PID:14772
- C:\Windows\System\hLbgzXA.exe
  C:\Windows\System\hLbgzXA.exe
  2⤵
  PID:14792
- C:\Windows\System\MzBRnXg.exe
  C:\Windows\System\MzBRnXg.exe
  2⤵
  PID:14844
- C:\Windows\System\qHtJmPR.exe
  C:\Windows\System\qHtJmPR.exe
  2⤵
  PID:14864
- C:\Windows\System\AYnaWYY.exe
  C:\Windows\System\AYnaWYY.exe
  2⤵
  PID:14896
- C:\Windows\System\IHOtzuo.exe
  C:\Windows\System\IHOtzuo.exe
  2⤵
  PID:14932
- C:\Windows\System\zHxbbGs.exe
  C:\Windows\System\zHxbbGs.exe
  2⤵
  PID:14964
- C:\Windows\System\pnbPbyY.exe
  C:\Windows\System\pnbPbyY.exe
  2⤵
  PID:14996
- C:\Windows\System\txQcVlL.exe
  C:\Windows\System\txQcVlL.exe
  2⤵
  PID:15028
- C:\Windows\System\tcUXtks.exe
  C:\Windows\System\tcUXtks.exe
  2⤵
  PID:15060
- C:\Windows\System\Lqlomoe.exe
  C:\Windows\System\Lqlomoe.exe
  2⤵
  PID:15092
- C:\Windows\System\hCGFHqJ.exe
  C:\Windows\System\hCGFHqJ.exe
  2⤵
  PID:15124
- C:\Windows\System\mCeUuUs.exe
  C:\Windows\System\mCeUuUs.exe
  2⤵
  PID:15156
- C:\Windows\System\dTbaPIV.exe
  C:\Windows\System\dTbaPIV.exe
  2⤵
  PID:15188
- C:\Windows\System\ZOBwFwJ.exe
  C:\Windows\System\ZOBwFwJ.exe
  2⤵
  PID:15212
- C:\Windows\System\NVciNgN.exe
  C:\Windows\System\NVciNgN.exe
  2⤵
  PID:15252
- C:\Windows\System\UaPzVRg.exe
  C:\Windows\System\UaPzVRg.exe
  2⤵
  PID:15284
- C:\Windows\System\sEMjnLp.exe
  C:\Windows\System\sEMjnLp.exe
  2⤵
  PID:15316
- C:\Windows\System\ZkcWGiP.exe
  C:\Windows\System\ZkcWGiP.exe
  2⤵
  PID:15348
- C:\Windows\System\nkKUlbx.exe
  C:\Windows\System\nkKUlbx.exe
  2⤵
  PID:14220
- C:\Windows\System\sjWUvqF.exe
  C:\Windows\System\sjWUvqF.exe
  2⤵
  PID:14392
- C:\Windows\System\BqORykA.exe
  C:\Windows\System\BqORykA.exe
  2⤵
  PID:14440
- C:\Windows\System\bGvOSyk.exe
  C:\Windows\System\bGvOSyk.exe
  2⤵
  PID:14524
- C:\Windows\System\ZXYIMAl.exe
  C:\Windows\System\ZXYIMAl.exe
  2⤵
  PID:14584
- C:\Windows\System\pAdThTr.exe
  C:\Windows\System\pAdThTr.exe
  2⤵
  PID:14608
- C:\Windows\System\wNlHmIR.exe
  C:\Windows\System\wNlHmIR.exe
  2⤵
  PID:14676
- C:\Windows\System\IUBoDOU.exe
  C:\Windows\System\IUBoDOU.exe
  2⤵
  PID:14752
- C:\Windows\System\asKPvWB.exe
  C:\Windows\System\asKPvWB.exe
  2⤵
  PID:14832
- C:\Windows\System\MGzSbmB.exe
  C:\Windows\System\MGzSbmB.exe
  2⤵
  PID:1256
- C:\Windows\System\uoCUdjl.exe
  C:\Windows\System\uoCUdjl.exe
  2⤵
  PID:14948
- C:\Windows\System\fhoLomm.exe
  C:\Windows\System\fhoLomm.exe
  2⤵
  PID:15012
- C:\Windows\System\mFNkEvP.exe
  C:\Windows\System\mFNkEvP.exe
  2⤵
  PID:15044
- C:\Windows\System\OqtYMXK.exe
  C:\Windows\System\OqtYMXK.exe
  2⤵
  PID:3628
- C:\Windows\System\eMPomoG.exe
  C:\Windows\System\eMPomoG.exe
  2⤵
  PID:4784
- C:\Windows\System\VrpBHtT.exe
  C:\Windows\System\VrpBHtT.exe
  2⤵
  PID:3672
- C:\Windows\System\wNEERNz.exe
  C:\Windows\System\wNEERNz.exe
  2⤵
  PID:15220
- C:\Windows\System\yzXorcy.exe
  C:\Windows\System\yzXorcy.exe
  2⤵
  PID:15300
- C:\Windows\System\MOMMynY.exe
  C:\Windows\System\MOMMynY.exe
  2⤵
  PID:1756
- C:\Windows\System\hHdTnwu.exe
  C:\Windows\System\hHdTnwu.exe
  2⤵
  PID:3592
- C:\Windows\System\MLaOyzp.exe
  C:\Windows\System\MLaOyzp.exe
  2⤵
  PID:5036
- C:\Windows\System\WttgJgv.exe
  C:\Windows\System\WttgJgv.exe
  2⤵
  PID:14516
- C:\Windows\System\MNmeWYt.exe
  C:\Windows\System\MNmeWYt.exe
  2⤵
  PID:4200
- C:\Windows\System\wYGjhng.exe
  C:\Windows\System\wYGjhng.exe
  2⤵
  PID:14632
- C:\Windows\System\YALwiNH.exe
  C:\Windows\System\YALwiNH.exe
  2⤵
  PID:14732
- C:\Windows\System\RpQNtcd.exe
  C:\Windows\System\RpQNtcd.exe
  2⤵
  PID:1980
- C:\Windows\System\iSGLUOK.exe
  C:\Windows\System\iSGLUOK.exe
  2⤵
  PID:14924
- C:\Windows\System\ZRMxkKu.exe
  C:\Windows\System\ZRMxkKu.exe
  2⤵
  PID:14992
- C:\Windows\System\YBHuCsx.exe
  C:\Windows\System\YBHuCsx.exe
  2⤵
  PID:3028
- C:\Windows\System\PHSyiUo.exe
  C:\Windows\System\PHSyiUo.exe
  2⤵
  PID:15140
- C:\Windows\System\PIuYNrE.exe
  C:\Windows\System\PIuYNrE.exe
  2⤵
  PID:2704
- C:\Windows\System\jSelEFT.exe
  C:\Windows\System\jSelEFT.exe
  2⤵
  PID:4844
- C:\Windows\System\bUFcaHR.exe
  C:\Windows\System\bUFcaHR.exe
  2⤵
  PID:15332
- C:\Windows\System\bIKKhwJ.exe
  C:\Windows\System\bIKKhwJ.exe
  2⤵
  PID:14424
- C:\Windows\System\JFoLUob.exe
  C:\Windows\System\JFoLUob.exe
  2⤵
  PID:14556
- C:\Windows\System\NcMTSJq.exe
  C:\Windows\System\NcMTSJq.exe
  2⤵
  PID:2156
- C:\Windows\System\mcgxogA.exe
  C:\Windows\System\mcgxogA.exe
  2⤵
  PID:4400
- C:\Windows\System\eKWgpzh.exe
  C:\Windows\System\eKWgpzh.exe
  2⤵
  PID:14916
- C:\Windows\System\uLtlIFj.exe
  C:\Windows\System\uLtlIFj.exe
  2⤵
  PID:14960
- C:\Windows\System\WpOTlkd.exe
  C:\Windows\System\WpOTlkd.exe
  2⤵
  PID:4732
- C:\Windows\System\idmdXZF.exe
  C:\Windows\System\idmdXZF.exe
  2⤵
  PID:4724
- C:\Windows\System\uVbXFVr.exe
  C:\Windows\System\uVbXFVr.exe
  2⤵
  PID:4680
- C:\Windows\System\IHcJDYD.exe
  C:\Windows\System\IHcJDYD.exe
  2⤵
  PID:724
- C:\Windows\System\PWWthKY.exe
  C:\Windows\System\PWWthKY.exe
  2⤵
  PID:14352
- C:\Windows\System\GPWGYDk.exe
  C:\Windows\System\GPWGYDk.exe
  2⤵
  PID:2368
- C:\Windows\System\JVVfVpO.exe
  C:\Windows\System\JVVfVpO.exe
  2⤵
  PID:4820
- C:\Windows\System\FAVDwnz.exe
  C:\Windows\System\FAVDwnz.exe
  2⤵
  PID:4168
- C:\Windows\System\dDMGLRu.exe
  C:\Windows\System\dDMGLRu.exe
  2⤵
  PID:14876
- C:\Windows\System\VPmNnzE.exe
  C:\Windows\System\VPmNnzE.exe
  2⤵
  PID:15024
- C:\Windows\System\GkMYfVO.exe
  C:\Windows\System\GkMYfVO.exe
  2⤵
  PID:1268
- C:\Windows\System\oaTGwPi.exe
  C:\Windows\System\oaTGwPi.exe
  2⤵
  PID:464
- C:\Windows\System\RLyQtcu.exe
  C:\Windows\System\RLyQtcu.exe
  2⤵
  PID:1824
- C:\Windows\System\RdOUSja.exe
  C:\Windows\System\RdOUSja.exe
  2⤵
  PID:3364
- C:\Windows\System\viMkODZ.exe
  C:\Windows\System\viMkODZ.exe
  2⤵
  PID:232
- C:\Windows\System\POiBcAq.exe
  C:\Windows\System\POiBcAq.exe
  2⤵
  PID:4468
- C:\Windows\System\avYeMnq.exe
  C:\Windows\System\avYeMnq.exe
  2⤵
  PID:456
- C:\Windows\System\RdIQirz.exe
  C:\Windows\System\RdIQirz.exe
  2⤵
  PID:1528
- C:\Windows\System\DrYXHfJ.exe
  C:\Windows\System\DrYXHfJ.exe
  2⤵
  PID:4252
- C:\Windows\System\CWpQOYX.exe
  C:\Windows\System\CWpQOYX.exe
  2⤵
  PID:3488
- C:\Windows\System\BrYPNOH.exe
  C:\Windows\System\BrYPNOH.exe
  2⤵
  PID:3424
- C:\Windows\System\euyFMqa.exe
  C:\Windows\System\euyFMqa.exe
  2⤵
  PID:5092
- C:\Windows\System\PUUmLDJ.exe
  C:\Windows\System\PUUmLDJ.exe
  2⤵
  PID:2464
- C:\Windows\System\PClRZKX.exe
  C:\Windows\System\PClRZKX.exe
  2⤵
  PID:2728
- C:\Windows\System\TOQjYEr.exe
  C:\Windows\System\TOQjYEr.exe
  2⤵
  PID:13356
- C:\Windows\System\vQwiQhN.exe
  C:\Windows\System\vQwiQhN.exe
  2⤵
  PID:3984
- C:\Windows\System\BdpHnxG.exe
  C:\Windows\System\BdpHnxG.exe
  2⤵
  PID:764
- C:\Windows\System\xTtDTNu.exe
  C:\Windows\System\xTtDTNu.exe
  2⤵
  PID:2332
- C:\Windows\System\RpfoJGj.exe
  C:\Windows\System\RpfoJGj.exe
  2⤵
  PID:1992
- C:\Windows\System\pVnrHTK.exe
  C:\Windows\System\pVnrHTK.exe
  2⤵
  PID:5240
- C:\Windows\System\ADMAXeJ.exe
  C:\Windows\System\ADMAXeJ.exe
  2⤵
  PID:1688
- C:\Windows\System\PsDMDAv.exe
  C:\Windows\System\PsDMDAv.exe
  2⤵
  PID:4140
- C:\Windows\System\sKzpjYd.exe
  C:\Windows\System\sKzpjYd.exe
  2⤵
  PID:15392
- C:\Windows\System\vVIUwwg.exe
  C:\Windows\System\vVIUwwg.exe
  2⤵
  PID:15424
- C:\Windows\System\JQAUIkC.exe
  C:\Windows\System\JQAUIkC.exe
  2⤵
  PID:15456
- C:\Windows\System\sJnDsQf.exe
  C:\Windows\System\sJnDsQf.exe
  2⤵
  PID:15488
- C:\Windows\System\qoyaBxg.exe
  C:\Windows\System\qoyaBxg.exe
  2⤵
  PID:15520
- C:\Windows\System\Fehdmbf.exe
  C:\Windows\System\Fehdmbf.exe
  2⤵
  PID:15560
- C:\Windows\System\fMmpkXA.exe
  C:\Windows\System\fMmpkXA.exe
  2⤵
  PID:15588
- C:\Windows\System\jMZqKkH.exe
  C:\Windows\System\jMZqKkH.exe
  2⤵
  PID:15620
- C:\Windows\System\bekBSeX.exe
  C:\Windows\System\bekBSeX.exe
  2⤵
  PID:15652
- C:\Windows\System\ESNegMC.exe
  C:\Windows\System\ESNegMC.exe
  2⤵
  PID:15684
- C:\Windows\System\IzefdDQ.exe
  C:\Windows\System\IzefdDQ.exe
  2⤵
  PID:15716
- C:\Windows\System\ReogdKb.exe
  C:\Windows\System\ReogdKb.exe
  2⤵
  PID:15748
- C:\Windows\System\eXTUprv.exe
  C:\Windows\System\eXTUprv.exe
  2⤵
  PID:15780
- C:\Windows\System\TwCmjef.exe
  C:\Windows\System\TwCmjef.exe
  2⤵
  PID:15812
- C:\Windows\System\cZOBmWj.exe
  C:\Windows\System\cZOBmWj.exe
  2⤵
  PID:15844
- C:\Windows\System\qrSpHuS.exe
  C:\Windows\System\qrSpHuS.exe
  2⤵
  PID:15876
- C:\Windows\System\WOjFIXb.exe
  C:\Windows\System\WOjFIXb.exe
  2⤵
  PID:15908
- C:\Windows\System\wdHfpiI.exe
  C:\Windows\System\wdHfpiI.exe
  2⤵
  PID:15940
- C:\Windows\System\wdyrATs.exe
  C:\Windows\System\wdyrATs.exe
  2⤵
  PID:15972
- C:\Windows\System\ygdNjnn.exe
  C:\Windows\System\ygdNjnn.exe
  2⤵
  PID:16004
- C:\Windows\System\JMDXTDJ.exe
  C:\Windows\System\JMDXTDJ.exe
  2⤵
  PID:16036
- C:\Windows\System\wTzbmwK.exe
  C:\Windows\System\wTzbmwK.exe
  2⤵
  PID:16068
- C:\Windows\System\cXuXasR.exe
  C:\Windows\System\cXuXasR.exe
  2⤵
  PID:16104
- C:\Windows\System\UQPNRmw.exe
  C:\Windows\System\UQPNRmw.exe
  2⤵
  PID:16136
- C:\Windows\System\jPuNtvn.exe
  C:\Windows\System\jPuNtvn.exe
  2⤵
  PID:16168
- C:\Windows\System\UGuoXvJ.exe
  C:\Windows\System\UGuoXvJ.exe
  2⤵
  PID:16200
- C:\Windows\System\nnzHyFm.exe
  C:\Windows\System\nnzHyFm.exe
  2⤵
  PID:16236
- C:\Windows\System\BzifTwR.exe
  C:\Windows\System\BzifTwR.exe
  2⤵
  PID:16268
- C:\Windows\System\NHdGRSP.exe
  C:\Windows\System\NHdGRSP.exe
  2⤵
  PID:16300
- C:\Windows\System\ElfvxHu.exe
  C:\Windows\System\ElfvxHu.exe
  2⤵
  PID:16332
- C:\Windows\System\IdnmaTm.exe
  C:\Windows\System\IdnmaTm.exe
  2⤵
  PID:16364
- C:\Windows\System\dOSQWLh.exe
  C:\Windows\System\dOSQWLh.exe
  2⤵
  PID:15372
- C:\Windows\System\lIfFhzh.exe
  C:\Windows\System\lIfFhzh.exe
  2⤵
  PID:15436
- C:\Windows\System\GWFqEwS.exe
  C:\Windows\System\GWFqEwS.exe
  2⤵
  PID:15452
- C:\Windows\System\tBIogSt.exe
  C:\Windows\System\tBIogSt.exe
  2⤵
  PID:15500
- C:\Windows\System\NwTwfWL.exe
  C:\Windows\System\NwTwfWL.exe
  2⤵
  PID:15548
- C:\Windows\System\vGLavba.exe
  C:\Windows\System\vGLavba.exe
  2⤵
  PID:13992
- C:\Windows\System\eoAxHBf.exe
  C:\Windows\System\eoAxHBf.exe
  2⤵
  PID:15600
- C:\Windows\System\PclajMo.exe
  C:\Windows\System\PclajMo.exe
  2⤵
  PID:5572
- C:\Windows\System\QLzMTHt.exe
  C:\Windows\System\QLzMTHt.exe
  2⤵
  PID:5636
- C:\Windows\System\kUTJYdm.exe
  C:\Windows\System\kUTJYdm.exe
  2⤵
  PID:15732
- C:\Windows\System\tqehUgP.exe
  C:\Windows\System\tqehUgP.exe
  2⤵
  PID:5728
- C:\Windows\System\LQRfmdP.exe
  C:\Windows\System\LQRfmdP.exe
  2⤵
  PID:5756
- C:\Windows\System\yYyQYFh.exe
  C:\Windows\System\yYyQYFh.exe
  2⤵
  PID:5824
- C:\Windows\System\UvRejkV.exe
  C:\Windows\System\UvRejkV.exe
  2⤵
  PID:15932
- C:\Windows\System\hcKAiCl.exe
  C:\Windows\System\hcKAiCl.exe
  2⤵
  PID:5892
- C:\Windows\System\MmfJaBY.exe
  C:\Windows\System\MmfJaBY.exe
  2⤵
  PID:16032
- C:\Windows\System\kMppmnC.exe
  C:\Windows\System\kMppmnC.exe
  2⤵
  PID:16084
- C:\Windows\System\QCPVnQl.exe
  C:\Windows\System\QCPVnQl.exe
  2⤵
  PID:16128
- C:\Windows\System\zmGgpRG.exe
  C:\Windows\System\zmGgpRG.exe
  2⤵
  PID:6108
- C:\Windows\System\gaDZpti.exe
  C:\Windows\System\gaDZpti.exe
  2⤵
  PID:5252
- C:\Windows\System\ujRXYpZ.exe
  C:\Windows\System\ujRXYpZ.exe
  2⤵
  PID:16260
- C:\Windows\System\OwRzBmr.exe
  C:\Windows\System\OwRzBmr.exe
  2⤵
  PID:5456
- C:\Windows\System\KtQjxAu.exe
  C:\Windows\System\KtQjxAu.exe
  2⤵
  PID:3172
- C:\Windows\System\cVjNtXu.exe
  C:\Windows\System\cVjNtXu.exe
  2⤵
  PID:16380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AToRJkF.exe

Filesize
5.7MB

MD5
f9b1d1f566952aa9c436877a7876fab5

SHA1
28beb79f3e8dd42f69509b585267484fba62a64f

SHA256
35a93135a26baa295431867756ed6ce84929d2f49147481db3d460b893fbe9b3

SHA512
f42aab05c0a3ef60fc033d62d48d24830b1415efaf7ebe3b4a971677f90d79b4a283e2624ee429b3afcf71800a223963590de02120db21ccaf8eb858b7fbeb83

Download Submit
C:\Windows\System\DwkTxkG.exe

Filesize
5.7MB

MD5
661b287149ee9060cb025951fbbc36e0

SHA1
0453c2968a5b661970c3d5b28d9c9e777534a323

SHA256
9893199839f99959f86f11cc0c2ad83a211ff20214b09c202b32bef8fc147d68

SHA512
ffc319d3e6fbc55daf52a93b7fa5ac751bbc7d196aa98dea1eaddf3882ca340c036c1d156ec953fdac7193d19d70b14ba897a437bd41b91f273fd366cd95a7d3

Download Submit
C:\Windows\System\EABImcc.exe

Filesize
5.7MB

MD5
a2ae6bf80394a6c4715c48b5c0ec2a33

SHA1
702f4ab2a760b60c4ac9306c56575d35fe217ed2

SHA256
091f6992c30e74216c282e5ace046195ae77c4f6a892c309f5b6637a4b43a05d

SHA512
5a14ed270763fb2e0e6e7299df9369d4646e423e8905a6c7b066f754a5c2732f6b502d7b9c483b87f665e47d4477c7d10ec7d2fa38243757a7d17c1ef0090dbd

Download Submit
C:\Windows\System\EiFAqvR.exe

Filesize
5.7MB

MD5
ac05b8e89b7fab74a6890be33b29b5db

SHA1
6b13d71a760a5180acdecc83e6198c4f98824fc3

SHA256
74dfd8df6bd5728cc7e3e96816f7395d5a44fc35e77ee4508f1b61c722b9a64d

SHA512
a5abc82cf689bae08eefe0db7c8d647f52d35e0ec0c46c72b22d8a0eb0e4224e8d9141fd1b4868836779a0c33e289746bb497480238ed39fff903b3a29550dba

Download Submit
C:\Windows\System\FeVMpSl.exe

Filesize
5.7MB

MD5
bb0d7c93e6881aaf0c3b16d953ddbe16

SHA1
daf7b74529b93066a5d265f01ae220ffa0310578

SHA256
ac316be23e80bf28dcdd709e61b32abb41f9e82a1914dcbd0f20a70c4f539565

SHA512
5e0f836e769f5bc751bc1e8170794c47095f48d9d949c7e553d1cfc5ba8fa334f07a113325efd92fd02d842d01840c0953910c85cab5de47676e7c063ca96270

Download Submit
C:\Windows\System\GslKCzq.exe

Filesize
5.7MB

MD5
4abae769c96572eab3a95b185d4e8119

SHA1
12d670814b893fe7f9e887cf3a8424795f7f82a6

SHA256
ddcb2a4abad96d46624f8b092b6f2aa14e4bbceeb8d1724a383a34b81b38f416

SHA512
2adacfda65e5752f4db92333d5589949037aaccaed4c37eca499ca0a5df344d9b043d18a55d57e967db97cd05f29e6f9345c02b7710f16e052119fcfb8e40087

Download Submit
C:\Windows\System\IMlOKsd.exe

Filesize
5.7MB

MD5
8a766d743772f0fc0a3e6c5a1d70eeb8

SHA1
ddd59ee79fb5cab9b95e8df988b43942f6c392b1

SHA256
f2121832e55b52749d4f81331576cae4ed660a7ea70c7f93de6b0ff60727480d

SHA512
64be24806ec7f1e16d3501368ed884063ac003614c51103c8f410aca26868c842ba7161e61ba3ed6a7ac785e0e65b920c7b03a07d4c445b1287582fe227c38a3

Download Submit
C:\Windows\System\IWaeHGs.exe

Filesize
5.7MB

MD5
9a356c748069871db5860bb7cd7bc5e0

SHA1
b026299c6cf42284c1ccdeaa3ceabb21c160e3aa

SHA256
18af9c1e6b4750e80bc663b6233ce114c0b6dc729f8c1a4cba475724886e70c9

SHA512
e0c20410ff3046fc4ac0e002b2725b60f2f6030b05248be1c5d29bacdcafcb120b9f465b448c31375115585701b3fdf653aff07a7b2c99ea230e4f96fd883783

Download Submit
C:\Windows\System\JtFibiq.exe

Filesize
5.7MB

MD5
01abaaeb98a511136b604a6bb3bfda53

SHA1
3c3b86d10224eddbd089258e01258fadd9e289ee

SHA256
0e0b8ae0ccbac2e64f191bdc6fc75c0086bf2714e90570ed397be81cf6d732eb

SHA512
2ddacf7a3753dfbfae90965cc9b92b9d06207ae8436c64c6adf130cdb3915caef7eb29d512390e4f71d10d7339864a4987654e6a47b823dc6422d225c6a18a54

Download Submit
C:\Windows\System\KAmucpk.exe

Filesize
5.7MB

MD5
bfaf8989159c5a62a0070070d028ccbb

SHA1
8cb09dd69309dbabcbda228bd1f96b045533b75a

SHA256
213d79c76cc0557699c2c5470989032dc62d479fd45bed7dfa27e2fe585bb0bb

SHA512
44c2f83bae67da016aa1ad56d33189fdef4d1429d5ca41dcb5cc209093c68b64d17cea0c4a1360d72963c8c48e4c58dcade3c567eab6ac46aebd27f1d6bc4253

Download Submit
C:\Windows\System\LDaSdRr.exe

Filesize
5.7MB

MD5
9d2b7e6b7a2fa473d66f2fab3e17e71d

SHA1
86d07f6abcee896cb2b1c82f1fa176022fbbfb7d

SHA256
61a55fed4f183dde46501282361ef5c4bd4cbe32e68337fff7d2ddcd65af377d

SHA512
ba7b8b2d7395ee68c4892710589db314090375a0c6da1dd5106efeef175c26ecff6267f06972492e5bbd5c3df1736c1d6f7867c2583fe9d85b0e951173806b11

Download Submit
C:\Windows\System\MApByeI.exe

Filesize
5.7MB

MD5
8620b7a97471d63df53afad8723d0ec9

SHA1
57d1ae9e5d7c555065df8a991cc1d7685dfe7a3f

SHA256
e9ae3f3e6987d21bd90cd3356b2ebdd47fab3cdca01da0ae50cf526dc28042c6

SHA512
791e9e343e7dd2a5381905e25f3b64d111db2586a67637e0d2cd1568afb0614d5f295d9b365620fd3a9efd4a8740222a1f0d673222172fdb43f683e1ce601aff

Download Submit
C:\Windows\System\MymBtyf.exe

Filesize
5.7MB

MD5
9f3d873725205f2dbdcdd3b39dc01691

SHA1
0b912cec6272d74f5ffa79d53e0db87380c38ff6

SHA256
dbb9e1a29cbafb117d7c2f9d6345bcc24db748660b2652461a80e6c26fc01829

SHA512
ac29750e3cf298f2006efa58272ab0c65d9112a2e294353af9285e1c6465dc35a329b676c38c3bbe816a4b7c9bab8230ce671e508c50fcfc78baa980da5d77e3

Download Submit
C:\Windows\System\NjlgkWe.exe

Filesize
5.7MB

MD5
6b8109324cd896e11a12c140466068e2

SHA1
46498b898a6956b20ea0c74d386ccbd174a121b0

SHA256
ee29b4ca1e49634a7150d9ec59ac6338de9735c2920b080847acbdf58dde12bc

SHA512
1c0b8c59a4d8c6dbab0a4b715eee687b59503f3dbf6faa9e3e2ad852811e99cc1092387f38575a88cb72bba6fe9968d967833d2855ab031f2175aee517e29ec0

Download Submit
C:\Windows\System\PXXewKg.exe

Filesize
5.7MB

MD5
05af187e8a0aad4e1cce553332213e77

SHA1
ad0900a9cbf280bd67ea1b029b50e4f658d4ca73

SHA256
a2da8ab98fae6133b3217526c7d7b26a30057a596cb04f87e382041b08bc8f4d

SHA512
0dbfa1bffbf2c6987742e6e8d5e8e0965df32523d01401cbea43cc56dafed70528c433fb60bb8cc225491122b1416d17747d227fb39a150ac4758533d3e367e0

Download Submit
C:\Windows\System\QokMILB.exe

Filesize
5.7MB

MD5
abe5b8e7e0a7903f712dba6c1af50581

SHA1
b39b67e195e43801361a9e956b6ddcb8fce2adb6

SHA256
6759836d8e7c0a8c5b5327c8b35c985d9d5d15d2754cfc92298a6c24075da785

SHA512
09070c547dcce340e3c4aa939d251282dc5c34dc97de2f66ded6c8823c1908ca371573a4262317c8610774762d1f2fdcd966b2f68db10bf6f3b428005a85aa4c

Download Submit
C:\Windows\System\TJlHKeU.exe

Filesize
5.7MB

MD5
c8b4c812194ba407723ce421df9dc841

SHA1
44db916d282dd35876d72613590ee5036cc60afc

SHA256
da75be642fe0fbe9444aa5f7b33aba39288a81642a7be06636ac30d7bb78c103

SHA512
5b7130f660729aa5efc309a9edb5c22eba3b3a8be5845f78a0c83bb4e29a21c8c4d2db3a43a7de08069492a8b20f78c8d5f69b496ad58e3696f1b4546c78a03d

Download Submit
C:\Windows\System\UmsfQeA.exe

Filesize
5.7MB

MD5
157b3a514808948952afe42c932eef2e

SHA1
98e390bbb8c9c1448c2334e597f673dde0c32902

SHA256
d9f4da10990ad82df1e87df276deb11a5a9650016f888e96edc39caa9a077776

SHA512
bfec2b5003b59edd31dc28da0d78591dc06c16a55e9ed55946bb2f83a8f6195bcf1cc7567d661a78987c4207722007cd3a5177966b9bd47c2f554c6d38a3b8ac

Download Submit
C:\Windows\System\WYIwfWL.exe

Filesize
5.7MB

MD5
440b04ba81f49d244766c5b7be6a6ce6

SHA1
6a646a53efc230d40a3c21ce86b0d6edcabb527d

SHA256
d3fcd73717f91704cea5ab95e9f0d2d0de63c15240bfa677d6cf73b273f8dc19

SHA512
5329989d821309e4912e69d2d3bd89ba1eb34384cab00b4dcfaaf7e99bad45c10a9277afb3a8b3663fc8ca12e6d590810316aaa30d55f655c7fea2735e6c6c37

Download Submit
C:\Windows\System\WbCarYL.exe

Filesize
5.7MB

MD5
235baa2753b129ad148483761e2192b3

SHA1
e28fce0439aefd53fae3f8df326030224a892414

SHA256
b878536669cd2f28be82eb32ec609473252ea0d41131d0d176dad1245af0375f

SHA512
1b9120a7a932ceb388adb19f60634b90cb0e9a941ac7120815de6f534c346ac0378a138f15a2baa58aba1486ea574e230049b380901c3a73e0c97f618caf4bde

Download Submit
C:\Windows\System\XeHJDzO.exe

Filesize
5.7MB

MD5
3f38602b1b7a0eb0f6c15d0fb6d80598

SHA1
2a024a62f9c0d55fd7cadfc6ba3a6d5ce5a660ba

SHA256
a328ef59586323a76763e816766066e1cefa570729756c4590293b6236d80f1e

SHA512
399c3db4d2fba805e2961e6f923df1b106874b5f84312e5aafd2af82dcbd20647f88f9c7f3140883c6979a677d5d2dd7233f1fb0336228e6c6fc3b40785417c7

Download Submit
C:\Windows\System\aFGgsye.exe

Filesize
5.7MB

MD5
458fbcd0511ae7b3c4eb6b536433f8c1

SHA1
9da64ade4a3aefd1b7fd9991854405fcc54fd8f3

SHA256
7239458c105131634a3cb478273e9937b33ebaf6e30b25798f7b396417612556

SHA512
7c3a7e45fe8c632847a73862d20ba8fffbf761ba7ff52904e41548d86ef68ee2e871cf87790158841191a8e60e9526019492d90a266247fa536817e9469f3146

Download Submit
C:\Windows\System\bzIvmcY.exe

Filesize
5.7MB

MD5
a6b3dc4736958f4ac2494753d7d523dd

SHA1
019bdf79d6c018dae5b09d29a85b0def57cae73a

SHA256
f62524bb3c751fd3bb51918289bd0e9ed70ccda19e8de7b2d16e1ec2d38e7cfc

SHA512
7b380d34f4d339825e65f96704c35a1028f8fdcbfffc9b9c541ad72538772e2357fa827f2af7d914c332b76ba3aaf62202d00a0c44eda6e9d1f751b1093aed6a

Download Submit
C:\Windows\System\hyfnRQm.exe

Filesize
5.7MB

MD5
25cff3f8ab4317e7c8b1898affbf223b

SHA1
74c2d5eecd1c95873c81d6fed1bcefc54bac3136

SHA256
e66e165ba9cfbe84ee1ece751c05f605765730b442878afdb9dffa4d9f2ca6c5

SHA512
763f0e9b771468358451975943a70fa80befcd0f878e27eebc808bf623c554987cc211232f4668feb8ade75a19ac0ce4480ea8c44d845d0d06fa8bc5abcd05e2

Download Submit
C:\Windows\System\iivXATb.exe

Filesize
5.7MB

MD5
72367c3c18730d2b9bd06b94e52bb221

SHA1
89343f8b5172641dfcf54f5f1a624368a5961fe8

SHA256
7054d680e90eaeded848737df2b004c41352438febe903f4855fdc0fc040d46d

SHA512
6460b7bb82278398518c55c97b7e064b2ae2f2cae65b200ddbd8b5a33b9d6599c6469bf4461800c0000fb1a281474b860b0abfd05d4778146740200dbc5bf760

Download Submit
C:\Windows\System\kEwdMih.exe

Filesize
5.7MB

MD5
776971f10066ce3bead3d8af8a9a4a48

SHA1
af35649a601b5fa322a23ff6460fec3a96d639cd

SHA256
f4c0e5344ddd028a77ead8a1648b9555c90a9e7854581598bf97e34c79032a97

SHA512
27ed94d707ad460bf5dd39f8b72bbac5e78635ab66c5b36f23d464041a75b04eb55d310edc40615f93ddd4344540682861d403db02549124c3faf2eaf7a0c259

Download Submit
C:\Windows\System\ogOFijO.exe

Filesize
5.7MB

MD5
5dd88859673f804ab81dc28d89b613c0

SHA1
e9eabfd771a715e2d8528e078d149fce16fd3b84

SHA256
b968433081c93c85a189f199e5648c5d2f94573bee723d9be5ab239b95d33b7b

SHA512
2881fe0de4f4b3f88b86de75a40d5e5c1fc667bda9bfdf70491be834878e7a285e11b59cd51f7d004bb959c0235cef22544d33d08dfac814e219deaa739940ed

Download Submit
C:\Windows\System\otbhwOE.exe

Filesize
5.7MB

MD5
12b23511a778b078bbfdfb6e6d3b6810

SHA1
9913282c11eee041bcb9ebbab8a91d2b4de08d4c

SHA256
bed4fc1ff308251e09cb27cbe8884afc736296e328db7106430c307a4227f156

SHA512
14ef799d3ae7cdd6d574b5c4933973e60144513b9b6e330d33e440278e849ae76253cc3fb48739b446fb795045157bac27e8ac3be8e064fd4c3cbe536844f941

Download Submit
C:\Windows\System\rpxVjmg.exe

Filesize
5.7MB

MD5
91688d122fceac976b1af60ce949ec56

SHA1
e045ffe710c4af75eea307d95fa9d39551d8c9db

SHA256
7b273c815308a4fb3097e338cfe44aa5047b905dc0e39433eb2c9a53b358792d

SHA512
195b00ea2505ec7de05081483b105c5b76183de76f921fdd2b9317357796630a68e211cd6b632d9386d1c9567536a9b90cc517cb0c3cb6f4d411d607f8a8c093

Download Submit
C:\Windows\System\tYMdqjR.exe

Filesize
5.7MB

MD5
12040d868a8641b280ad88f3cdbc2043

SHA1
8d7c3a265a6c41aa4c0c8e7c7d6eb7d00b10c51b

SHA256
944f920d87113dc018c6f5356a03800b61b20d941ccbf7522e288541d8b9d751

SHA512
504daf990e3f09c5f3b459bcaba6c1d6ee00107a2de5703c5ac89046ba752721bc5c0bf339c541419c882472f445b7039cf9c7e4ec4f91345115cd68b6667dd5

Download Submit
C:\Windows\System\tkrYpcL.exe

Filesize
5.7MB

MD5
1f1dd0df6ad944bf6884d27b553d9ede

SHA1
69c1c13448178da1000924335c50de167cec55b1

SHA256
75ab69810fe242a2537c07c0a30e139b16ed7efcbdb42bc97dd040b4fceca259

SHA512
f0c1c7643239801bf82d05c33664f995fed548ee4c0ecd54d5c8dcee722053d2850626a7d67666b9b80ca82a290ac3904af2e5b8182e050c6eac27b608e854c6

Download Submit
C:\Windows\System\wqGXdit.exe

Filesize
5.7MB

MD5
3729db229b51533a7f87ed8b1b8b2c0c

SHA1
590002645db828af15c0f90ee6c237a6e62247ae

SHA256
c43eb7f8462d69e55733808e99ed2a6501876cb0cb0672fb27516ab3c6d94295

SHA512
a228774a8f6eaa24ca05326817b2ff53a03b59e335531daa81b826fd40956f059ec562d0605fe202a4267eacf950c98919faacb03f3641e39ff91457522cab85

Download Submit
memory/208-73-0x00007FF795900000-0x00007FF795C4D000-memory.dmp

Filesize
3.3MB

Download
memory/380-19-0x00007FF67B070000-0x00007FF67B3BD000-memory.dmp

Filesize
3.3MB

Download
memory/400-37-0x00007FF7E1B00000-0x00007FF7E1E4D000-memory.dmp

Filesize
3.3MB

Download
memory/428-61-0x00007FF6F5210000-0x00007FF6F555D000-memory.dmp

Filesize
3.3MB

Download
memory/668-150-0x00007FF700770000-0x00007FF700ABD000-memory.dmp

Filesize
3.3MB

Download
memory/744-43-0x00007FF772230000-0x00007FF77257D000-memory.dmp

Filesize
3.3MB

Download
memory/864-55-0x00007FF69A600000-0x00007FF69A94D000-memory.dmp

Filesize
3.3MB

Download
memory/912-115-0x00007FF6E3760000-0x00007FF6E3AAD000-memory.dmp

Filesize
3.3MB

Download
memory/1028-162-0x00007FF7145B0000-0x00007FF7148FD000-memory.dmp

Filesize
3.3MB

Download
memory/1352-130-0x00007FF6B73A0000-0x00007FF6B76ED000-memory.dmp

Filesize
3.3MB

Download
memory/1356-7-0x00007FF7E3D80000-0x00007FF7E40CD000-memory.dmp

Filesize
3.3MB

Download
memory/1480-13-0x00007FF68C800000-0x00007FF68CB4D000-memory.dmp

Filesize
3.3MB

Download
memory/1560-1-0x000001B816840000-0x000001B816850000-memory.dmp

Filesize
64KB

Download
memory/1560-0-0x00007FF6C6FC0000-0x00007FF6C730D000-memory.dmp

Filesize
3.3MB

Download
memory/1568-187-0x00007FF6C2360000-0x00007FF6C26AD000-memory.dmp

Filesize
3.3MB

Download
memory/2108-169-0x00007FF7B5650000-0x00007FF7B599D000-memory.dmp

Filesize
3.3MB

Download
memory/2304-126-0x00007FF68F880000-0x00007FF68FBCD000-memory.dmp

Filesize
3.3MB

Download
memory/2448-106-0x00007FF7EB570000-0x00007FF7EB8BD000-memory.dmp

Filesize
3.3MB

Download
memory/2696-79-0x00007FF7E72B0000-0x00007FF7E75FD000-memory.dmp

Filesize
3.3MB

Download
memory/2780-159-0x00007FF7835B0000-0x00007FF7838FD000-memory.dmp

Filesize
3.3MB

Download
memory/3008-91-0x00007FF6878D0000-0x00007FF687C1D000-memory.dmp

Filesize
3.3MB

Download
memory/3688-100-0x00007FF7A9A40000-0x00007FF7A9D8D000-memory.dmp

Filesize
3.3MB

Download
memory/3832-175-0x00007FF60E2F0000-0x00007FF60E63D000-memory.dmp

Filesize
3.3MB

Download
memory/4032-85-0x00007FF70ED10000-0x00007FF70F05D000-memory.dmp

Filesize
3.3MB

Download
memory/4184-31-0x00007FF6EBB50000-0x00007FF6EBE9D000-memory.dmp

Filesize
3.3MB

Download
memory/4416-111-0x00007FF77DE40000-0x00007FF77E18D000-memory.dmp

Filesize
3.3MB

Download
memory/4444-146-0x00007FF7476F0000-0x00007FF747A3D000-memory.dmp

Filesize
3.3MB

Download
memory/4604-144-0x00007FF69FA80000-0x00007FF69FDCD000-memory.dmp

Filesize
3.3MB

Download
memory/4692-52-0x00007FF753610000-0x00007FF75395D000-memory.dmp

Filesize
3.3MB

Download
memory/4716-67-0x00007FF6A8230000-0x00007FF6A857D000-memory.dmp

Filesize
3.3MB

Download
memory/4868-180-0x00007FF6CC3E0000-0x00007FF6CC72D000-memory.dmp

Filesize
3.3MB

Download
memory/4872-140-0x00007FF673CF0000-0x00007FF67403D000-memory.dmp

Filesize
3.3MB

Download
memory/4884-25-0x00007FF7928F0000-0x00007FF792C3D000-memory.dmp

Filesize
3.3MB

Download